SSH by default allows multiple connections to the server at any given time. This shouldn't be a concern for most but if you're running a public server or if it's a jump server / bastion host, you might need to set a cap to the allowed number of concurrent connections to the server.

SSH is resource intensive especially when transferring files using scp or any other methods as the encryption is computationally expensive and could easily hog an entire CPU core per session.

You can set a limit on the maximum number of users allowed to login to the SSH server by configuring both MaxStartups and MaxSessionssoptions in the sshd_config file.

Steps to limit concurrent connection on SSH server:

  1. Open terminal application.
  2. Open sshd_config file using your preferred text editor.
    $ sudo vi /etc/ssh/sshd_config
    [sudo] password for user:
  3. Look for MaxStartups option and set the value to the maximum simultaneous connections to allow.
    MaxStartups 10
    MaxStartups
            Specifies the maximum number of concurrent unau‐
            thenticated connections to the SSH daemon.  Addi‐
            tional connections will be dropped until authenti‐
            cation succeeds or the LoginGraceTime expires for
            a connection.  The default is 10:30:100.
    
            Alternatively, random early drop can be enabled by
            specifying the three colon separated values
            start:rate:full (e.g. "10:30:60").  sshd(8) will
            refuse connection attempts with a probability of
            rate/100 (30%) if there are currently start (10)
            unauthenticated connections.  The probability in‐
            creases linearly and all connection attempts are
            refused if the number of unauthenticated connec‐
            tions reaches full (60).

    Colon-separated value gives you more refined control. The following example will block 50% connection once it reaches 5, and will block 100% connection once the total is 10 concurrent connection.

    MaxStartups 5:50:10

    Remove # if exist at the beginning of line or add a new line if the option does not currently exist at all.

  4. Look for MaxSessions option and set the value to the maximum simultaneous sessions to allow.
    MaxSessions 5
    MaxSessions
            Specifies the maximum number of open
            shell, login or subsystem (e.g. sftp)
            sessions permitted per network connec‐
            tion.  Multiple sessions may be estab‐
            lished by clients that support connection
            multiplexing.  Setting MaxSessions to 1
            will effectively disable session multi‐
            plexing, whereas setting it to 0 will
            prevent all shell, login and subsystem
            sessions while still permitting forward‐
            ing.  The default is 10.

    Remove # if exist at the beginning of line or add a new line if the option does not currently exist at all.

  5. Restart SSH service for changes to take effect.
    $ sudo systemctl restart ssh

Support us on Patreon if this guide has helped you. Thanks!!!

Discuss the article:

Comment anonymously. Login not required.

Share!