IETF-SSH archive
Re: Implementation-hazards list [was Re: Fixing exchange of host keys in the SSH key exchange]
> I was curious about what that was so I looked. Quoting moussh(1):
> [...]
> Worst of all, OpenSSH does not provide any way for the server admin to
> raise this limit; it is hardwired into the code!
> That last sentence is not accurate, OpenSSH has provided a
> MaxSessions config option since [] 5.1 (2008) [...]
I've updated moussh.1:
commit 58da35d27000668ec6c9125790c47cbfed430669
Author: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Tue Mar 28 08:21:05 2017 -0400
Update the manpage description of the OpenSSH connection-limit misfeature.
diff --git a/moussh/moussh.1 b/moussh/moussh.1
index 2bfc901..e235526 100644
--- a/moussh/moussh.1
+++ b/moussh/moussh.1
@@ -747,7 +747,8 @@ to open
.Ar N
parallel connections to the server. The sharing clients are then
load-shared among the server connections. This option is designed to
-work around a misfeature in OpenSSH; see the
+work around a misfeature in some OpenSSH versions, still useful with
+current versions in some circumstances; see the
.Sx CONNECTION SHARING
section for more.
.It Fl just-die
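Review bot: The replacement wording on the two added lines is a comma splice: in "a misfeature in some OpenSSH versions, still useful with current versions in some circumstances" it is unclear whether "still useful" describes the option or the misfeature. Something like "in some OpenSSH versions, and remains useful with current versions in some circumstances; see the" keeps the option as the subject of the sentence.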
@@ -1142,18 +1143,21 @@ option variables false.)
There is a misfeature (I would call it a bug, except that reading the
source makes it clear it was done deliberately) in OpenSSH's server.
(Similar issues may exist with others, but I have no knowledge of
-them.) It gratuitously refuses to permit more than ten sessions per
-connection. This means that using
+them.) It gratuitously refuses to permit more than some number of
+sessions per connection. This number defaults to 10, and some versions
+(before 5.1, I believe) have it hardwired to 10 in the code. (As far
+as I know no version has a way to remove the limit entirely, though for
+most purposes specifying a large number like 1000 is equivalent.) This
+means that using
.Nm moussh Ap s
connection-sharing feature to connect to such a server will work fine
until you try to open too many remote login sessions, at which point
-you will get refusals from the remote server. Worst of all, OpenSSH
-does not provide any way for the server admin to raise this limit; it
-is hardwired into the code!
+you will get refusals from the remote server.
.Pp
.Nm
-contains a workaround for this: when establishing a connection-sharing
-server, you can specify
+contains a workaround for this, in case the server is a version old
+enough to have it hardwired or its admin doesn't want to raise the
+limit: when establishing a connection-sharing server, you can specify
.Fl share-number
(or the corresponding config-file variable) to make
.Nm
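Review bot: The rewritten paragraph says the limit "defaults to 10" and that an admin may not want "to raise the limit", but it never names the setting that raises it. The message this commit responds to identifies it as the MaxSessions config option, available since 5.1. Naming it in the added text would let a reader check the server side before reaching for -share-number, and if that reply is taken as confirmation, the "I believe" hedge on the version could be dropped.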
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B