| Summary: | Failure to initiate 12+ simulateous connections using priv-key auth | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | David Dick <ddick> | ||||
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> | ||||
| Status: | CLOSED INVALID | ||||||
| Severity: | normal | CC: | djm | ||||
| Priority: | P2 | ||||||
| Version: | 5.5p1 | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Attachments: |
|
||||||
You are almost certainly running into sshd's MaxStartups limit. Have a look at the documentation on this option in the sshd_config man page and adjust the limit in sshd_config to suit. close resolved bugs now that openssh-5.9 has been released |
Created attachment 2026 [details] Bourne Shell Script to reproduce issue When rapidly starting a lot of ssh connections to remote hosts, the most that can be done is about 12 without running into odd error messages. When running in verbose mode the log shows; OpenSSH_5.5p1, OpenSSL 1.0.0d-fips 8 Feb 2011 debug1: Reading configuration data /home/dave/.ssh/config^M debug1: Reading configuration data /etc/ssh/ssh_config^M debug1: Applying options for *^M debug2: ssh_connect: needpriv 0^M debug1: Connecting to localhost [127.0.0.1] port 22.^M debug1: Connection established.^M debug2: key_type_from_name: unknown key type '-----BEGIN'^M debug2: key_type_from_name: unknown key type 'Proc-Type:'^M debug2: key_type_from_name: unknown key type 'DEK-Info:'^M debug2: key_type_from_name: unknown key type '-----END'^M debug1: identity file /home/dave/.ssh/id_rsa type 1^M debug1: identity file /home/dave/.ssh/id_rsa-cert type -1^M debug1: identity file /home/dave/.ssh/id_dsa type -1^M debug1: identity file /home/dave/.ssh/id_dsa-cert type -1^M ssh_exchange_identification: Connection closed by remote host so the tcp connection seemingly gets made and then killed shortly afterwards. Both the client log and the server log indicate that the other side closed the connection. There is an example script attached to replicate the issue, it expects that a private key will be available via an agent.