Also, unfortunately, the OpenSSH “MaxSessions” setting is often configured
with the value 1.
This is really awful for a graphical client such as Bitvise SSH Client,
which hopes to be able to open at least 2 channels in the same session (one for
SFTP, one for terminal).
I’m not sure who sets that default to 1 – maybe it’s a distribution, or
maybe some zealous administrator. However, I would suggest a sensible minimum
might be at least 2 for servers that allow terminal shell and SFTP access.
denis
From: Darren Tucker
Sent: Monday, March 27, 2017 23:56
To: Mouse
Subject: Re: Implementation-hazards list [was Re: Fixing exchange of host keys in the SSH key exchange]

On Tue, Mar 28, 2017 at 9:04 AM, Mouse <mouse%rodents-montreal.org@localhost> wrote:

[...]

I was curious about what that was so I looked. Quoting moussh(1):

There is a misfeature (I would call it a bug, except that reading the source makes it clear it was done deliberately) in OpenSSH's server. (Similar issues may exist with others, but I have no knowledge of them.) It gratuitously refuses to permit more than ten sessions per connection. This means that using moussh's connection-sharing feature to connect to such a server will work fine until you try to open too many remote login sessions, at which point you will get refusals from the remote server. Worst of all, OpenSSH does not provide any way for the server admin to raise this limit; it is hardwired into the code!

That last sentence is not accurate; OpenSSH has provided a MaxSessions
config option since 5.1 (2008): https://www.openssh.com/releasenotes.html#5.1
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
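
An added example, not part of the original messages: a small Python check that reads sshd_config text and reports every scope where MaxSessions falls below the minimum of 2 suggested above. The sample configuration is constructed; the default of 10 and the first-value-wins rule follow sshd_config(5), and Include files and overlapping Match blocks are assumed away.

```python
import re

# Default used by sshd when the keyword is absent (sshd_config(5)).
OPENSSH_DEFAULT_MAXSESSIONS = 10

# Constructed sample input, not taken from any real server.
SAMPLE_CONFIG = """\
# constructed example
Port 22
# keywords are case-insensitive
maxsessions 1
# ignored: for each keyword the first value obtained is used
MaxSessions 10
Subsystem sftp internal-sftp

Match Group sftponly
    MaxSessions 0
Match User deploy
    MaxSessions=4
"""

def max_sessions_by_scope(text):
    """Return {scope: MaxSessions}; scope is 'global' or a 'Match ...' line."""
    found = {}
    scope = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, arg = parts[0].lower(), parts[1]
        if key == "match":
            scope = "Match " + arg          # later keywords apply to this block
        elif key == "maxsessions":
            found.setdefault(scope, int(arg.split()[0]))  # first value wins
    found.setdefault("global", OPENSSH_DEFAULT_MAXSESSIONS)
    return found

def below_minimum(text, minimum=2):
    """Scopes whose limit cannot carry a terminal and an SFTP channel together."""
    return {s: v for s, v in max_sessions_by_scope(text).items() if v < minimum}

if __name__ == "__main__":
    for scope, value in below_minimum(SAMPLE_CONFIG).items():
        print(f"{scope}: MaxSessions {value} is below 2")
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative source for the value in use.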