I am now testing the following (which includes a little documentation for
a new MaxClients):
Index: servconf.c
===
RCS file: /cvs/openssh/servconf.c,v
retrieving revision 1.163
diff -u -r1.163 servconf.c
--- servconf.c 20 May 2007 05:03:16 - 1.163
+++ servconf.c 16 Oct 2007 16:50:46 -
@@ -108,6 +108,7 @@
options-protocol = SSH_PROTO_UNKNOWN;
options-gateway_ports = -1;
options-num_subsystems = 0;
+ options-max_clients = -1;
options-max_startups_begin = -1;
options-max_startups_rate = -1;
options-max_startups = -1;
@@ -224,6 +225,8 @@
options-allow_tcp_forwarding = 1;
if (options-gateway_ports == -1)
options-gateway_ports = 0;
+ if (options-max_clients == -1)
+ options-max_clients = 1000;
if (options-max_startups == -1)
options-max_startups = 10;
if (options-max_startups_rate == -1)
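Review bot: The fallback `options->max_clients = 1000;` gives every existing installation a hard connection cap on upgrade, even where the administrator never set MaxClients. A host that legitimately carries more concurrent sessions would start refusing logins with no configuration change to explain it. Consider treating the unset value as "no limit" and having the accept-loop check skip the comparison in that case, so that the cap is opt-in. The enclosing function starts and ends outside this hunk.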
@@ -286,7 +289,7 @@
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
- sMaxStartups, sMaxAuthTries,
+ sMaxClients, sMaxStartups, sMaxAuthTries,
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
@@ -387,6 +390,7 @@
{ protocol, sProtocol, SSHCFG_GLOBAL },
{ gatewayports, sGatewayPorts, SSHCFG_ALL },
{ subsystem, sSubsystem, SSHCFG_GLOBAL },
+ { maxclients, sMaxClients, SSHCFG_GLOBAL },
{ maxstartups, sMaxStartups, SSHCFG_GLOBAL },
{ maxauthtries, sMaxAuthTries, SSHCFG_GLOBAL },
{ banner, sBanner, SSHCFG_ALL },
@@ -1115,6 +1119,10 @@
options-subsystem_args[options-num_subsystems] = p;
options-num_subsystems++;
break;
+
+ case sMaxClients:
+ intptr = options-max_clients;
+ goto parse_int;
case sMaxStartups:
arg = strdelim(cp);
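Review bot: `case sMaxClients` jumps straight to `parse_int`, and nothing in this hunk rejects zero or a negative value. `parse_int` is not shown here, so confirm whether it range-checks. If it does not, `MaxClients 0` would make the accept-loop check in sshd.c refuse every connection. `MaxClients -1` would be indistinguishable from "unset" and would silently become the default. A guard after parsing, such as `if (value < 1) fatal("%s line %d: invalid MaxClients.", filename, linenum);`, would turn a typo into a startup error instead of a locked-out server. The `sMaxStartups` case continues past the end of the hunk.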
Index: servconf.h
===
RCS file: /cvs/openssh/servconf.h,v
retrieving revision 1.72
diff -u -r1.72 servconf.h
--- servconf.h 19 Feb 2007 11:25:38 - 1.72
+++ servconf.h 16 Oct 2007 16:50:46 -
@@ -115,6 +115,7 @@
u_int num_accept_env;
char *accept_env[MAX_ACCEPT_ENV];
+ int max_clients;
int max_startups_begin;
int max_startups_rate;
int max_startups;
Index: sshd.c
===
RCS file: /cvs/openssh/sshd.c,v
retrieving revision 1.364
diff -u -r1.364 sshd.c
--- sshd.c 5 Jun 2007 08:22:32 - 1.364
+++ sshd.c 16 Oct 2007 16:50:47 -
@@ -181,6 +181,11 @@
int num_listen_socks = 0;
/*
+ * Keep track of number of clients for MaxClients.
+ */
+int num_clients = 0;
+
+/*
* the client's version string, passed by sshd2 in compat mode. if != NULL,
* sshd will skip the version-number exchange
*/
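Review bot: `int num_clients = 0;` is a plain `int`, but the later sshd.c hunks write it from the SIGCHLD handler (`num_clients--`) and from the accept loop (`num_clients++`, `-1185` hunk). Declare it `static volatile sig_atomic_t num_clients = 0;`. The increment is a read-modify-write that the handler can interrupt, which loses an update, so either block SIGCHLD around `num_clients++` or only set a flag in the handler and do the counting in the main loop. A counter that drifts here feeds directly into the refusal decision, so it needs to be exact.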
@@ -338,6 +343,8 @@
(pid 0 errno == EINTR))
;
+ num_clients--;
+
signal(SIGCHLD, main_sigchld_handler);
errno = save_errno;
}
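Review bot: `num_clients--` sits after the lone `;` that forms the body of the reaping loop, so it runs once per SIGCHLD delivery rather than once per child reaped. Pending SIGCHLDs coalesce, so when several children exit close together the loop reaps them all but the counter drops by one. `num_clients` then drifts upward until the MaxClients check refuses every new connection, and only a restart clears it. Make the decrement the loop body, `if (pid > 0) num_clients--;`, so it tracks successful waits. The loop condition begins above the hunk and is garbled in this rendering, so confirm against the original file.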
@@ -1092,6 +1099,11 @@
close(*newsock);
continue;
}
+ if (num_clients = options.max_clients) {
+ debug(max clients %d, num_clients);
+ close(*newsock);
+ continue;
+ }
if (drop_connection(startups) == 1) {
debug(drop connection #%d, startups);
close(*newsock);
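Review bot: The condition `if (num_clients = options.max_clients)` is an assignment as printed. This archive has dropped `>` elsewhere (for example `options-max_clients`), so the original is presumably `>=`, but confirm it reads `if (num_clients >= options.max_clients) {`. As printed, it would overwrite the counter and drop every connection whenever the limit is non-zero. Separately, the refusal is reported only through `debug()`, so at the default log level an operator gets no indication that the cap is the reason logins fail. A rate-limited message at a normally visible level would make this diagnosable. The accept loop itself starts and ends outside the hunk.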
@@ -1185,6 +1197,8 @@
debug(Forked child %ld., (long)pid);
close(startup_p[1]);
+
+ num_clients++;
if (rexec_flag) {
send_rexec_state(config_s[0], cfg);
Index: sshd_config
===
RCS file: /cvs/openssh/sshd_config,v
retrieving revision 1.78
diff -u -r1.78 sshd_config
--- sshd_config 17 Sep 2007 01:57:38 - 1.78
+++ sshd_config 16 Oct 2007 16:50:47 -
@@ -100,6 +100,7 @@
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
+#MaxClients 1000
#MaxStartups 10
#PermitTunnel no
Index: sshd_config.5
===
RCS file: /cvs/openssh/sshd_config.5,v
retrieving revision 1.84
diff -u -r1.84 sshd_config.5
--- sshd_config.5 17 Sep 2007 01:57:38 - 1.84
+++ sshd_config.5 16 Oct 2007 16:50:47 -
@@