Linux + Ssh Limitation + Ssh at The Same Time from Multiple Machine to One Machine

linux + ssh limitation + ssh at the same time from multiple machine to one machine

Have you set the MaxSession and MaxStartups in your sshd.conf (or equivalent)? 40 simultaneous SSH connections should not, I believe, be too many for your server to handle.

From man sshd_config page:

Specifies the maximum number of open sessions permitted per net‐
work connection. The default is 10.

Specifies the maximum number of concurrent unauthenticated con‐
nections to the SSH daemon. Additional connections will be
dropped until authentication succeeds or the LoginGraceTime
expires for a connection. The default is 10.

Alternatively, random early drop can be enabled by specifying the
three colon separated values “start:rate:full” (e.g. "10:30:60").
sshd(8) will refuse connection attempts with a probability of
“rate/100” (30%) if there are currently “start” (10) unauthenti‐
cated connections. The probability increases linearly and all
connection attempts are refused if the number of unauthenticated
connections reaches “full” (60).

If you haven't changed these, your server won't handle more than 10 simultaneous connections.

Similar question (

deny parallel ssh connection to server for specific host / IP

Maybe try using limits.conf to enforce a hard limit of 1 login for the user/group.

You might need a periodic cron job to check for and remove any stale logins.

Locks/mutexes are hard to get right and add complexity. Limits.conf is a standard feature of most unix/linux systems and should be more reliable, emphasis on should...

A similar question was raised here:

Details here:

How to prevent multiple connections in SSH?

You can set a max # of log-ins in /etc/security/limits.conf (for a user or group).

If you need an example:

echo "@loginrestriction  -  maxlogins 4" >> /etc/security/limits.conf
echo "username - maxlogins 1" >> /etc/security/limits.conf
useradd -G loginrestriction a_username

How can I limit the rate of new outgoing ssh connections when using GNU parallel?

I think we need a 'spawn at most this many jobs per second per host' option for GNU Parallel. It would probably make sense to have the default work for hosts with MaxStartups = 10:30:60, fast CPUs, but with 500 ms latency.

Can we discuss it on


--sshdelay was implemented in version 20130122.

ssh + ssh is stuck on remote machine

I'd suggest something rather different -- instead of having a fixed delay between instances, having a fixed maximum number of instances to run at a time. For instance, with that value at 25:

xargs -P "$numprocs" -J '{}' -n 1 -- \
perl -e 'alarm shift; exec @ARGV' -- "$timeout" \
ssh -nxaq -o ConnectTimeout=5 -o StrictHostKeyChecking=no '{}' /tmp/ \
<hostnames # if a file; use < <(awk ...) if a script providing per-line info

Note that -J {} is an extension which avoids bugs implicit in the specification for the (standards-mandated) -I {} xargs behavior. If it's not available, -I '{}' can be used instead -- but do read the man page to understand caveats.

What is the cleanest way to ssh and run multiple commands in Bash?

How about a Bash Here Document:

ssh otherhost << EOF
ls some_folder;
./ 'some params'
./some_other_action 'other params'

To avoid the problems mentioned by @Globalz in the comments, you may be able to (depending what you're doing on the remote site) get away with replacing the first line with

ssh otherhost /bin/bash << EOF

Note that you can do variable substitution in the Here document, but you may have to deal with quoting issues. For instance, if you quote the "limit string" (ie. EOF in the above), then you can't do variable substitutions. But without quoting the limit string, variables are substituted. For example, if you have defined $NAME above in your shell script, you could do

ssh otherhost /bin/bash << EOF
touch "/tmp/${NAME}"

and it would create a file on the destination otherhost with the name of whatever you'd assigned to $NAME. Other rules about shell script quoting also apply, but are too complicated to go into here.

Related Topics

Leave a reply