SSH is resource-intensive, especially when transferring files using scp or other methods utilizing the SSH connection. It is because SSH connection is encrypted and is computationally expensive, where a single file transfer session could hog an entire CPU core. Each user could also be running commands on the SSH server, overutilizing the CPU and the I/O.

SSH server, by default, allows multiple active connections at any given time. Multiple SSH connections shouldn't be a concern for most servers, but if you're running a public server or a jump server/bastion host, you might need to set a cap to the allowed number of concurrent connections.

You can set a limit on the maximum number of users allowed to log in to the SSH server by configuring both MaxStartups and MaxSessions options in the server's sshd_config file.

Steps to limit concurrent connection on SSH server:

  1. Open terminal application.
  2. Open sshd_config file using your preferred text editor.
    $ sudo vi /etc/ssh/sshd_config
    [sudo] password for user:
  3. Look for MaxStartups option and set the value to the maximum simultaneous connections to allow.
    MaxStartups 10
            Specifies the maximum number of concurrent unau‐
            thenticated connections to the SSH daemon.  Addi‐
            tional connections will be dropped until authenti‐
            cation succeeds or the LoginGraceTime expires for
            a connection.  The default is 10:30:100.
            Alternatively, random early drop can be enabled by
            specifying the three colon separated values
            start:rate:full (e.g. "10:30:60").  sshd(8) will
            refuse connection attempts with a probability of
            rate/100 (30%) if there are currently start (10)
            unauthenticated connections.  The probability in‐
            creases linearly and all connection attempts are
            refused if the number of unauthenticated connec‐
            tions reaches full (60).

    Colon-separated value gives you more refined control. The following example will block 50% connection once it reaches 5, and will block 100% connection once the total is 10 concurrent connection.

    MaxStartups 5:50:10

    Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.

  4. Look for MaxSessions option and set the value to the maximum simultaneous sessions to allow.
    MaxSessions 5
            Specifies the maximum number of open
            shell, login or subsystem (e.g. sftp)
            sessions permitted per network connec‐
            tion.  Multiple sessions may be estab‐
            lished by clients that support connection
            multiplexing.  Setting MaxSessions to 1
            will effectively disable session multi‐
            plexing, whereas setting it to 0 will
            prevent all shell, login and subsystem
            sessions while still permitting forward‐
            ing.  The default is 10.

    Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.

  5. Restart SSH service for changes to take effect.
    $ sudo systemctl restart ssh
Discuss the article:

Comment anonymously. Login not required.