Windows Open SSH Server cannot support more than 512 concurrent ssh sessions (posix_spawn failing) #2045

Open
golvellius1985 opened this issue Mar 24, 2023 · 7 comments
@golvellius1985

Prerequisites

  • Write a descriptive title.
  • Make sure you are able to repro it on the latest version
  • Search the existing issues.

Steps to reproduce

Hi to all,
I'm developing an application that needs to create a huge number of concurrent ssh sessions.

Server Operating System
Windows 11 and Windows server 2016 (I have the same issue on both systems)

Client Operating System
Windows 10 pro

Everything works well when I open 512 concurrent ssh sessions, but when I open the 513th concurrent session or more I receive on client side: connection reset

In case it helps, I see that there is an old, similar closed bug that had the same problem but with a smaller number of connections (50)

#1096

Expected behavior

Support > 512 connections

Actual behavior

Stops every time at 512 exactly

Error details

Log on server side:

1452 2023-03-24 10:46:47.906 debug3: fd 6 is not O_NONBLOCK
1452 2023-03-24 10:46:47.906 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -R as subprocess
1452 2023-03-24 10:46:47.906 error: server_accept_loop, posix_spawn failed
1452 2023-03-24 10:46:47.906 debug3: send_rexec_state: entering fd = 10 config len 2205
1452 2023-03-24 10:46:47.906 debug3: ssh_msg_send: type 0
1452 2023-03-24 10:46:47.906 debug3: write ERROR from cb(2):232, io:0000014EA341F1D0
1452 2023-03-24 10:46:47.906 error: ssh_msg_send: write: Unknown error
1452 2023-03-24 10:46:47.906 error: send_rexec_state: ssh_msg_send failed
1452 2023-03-24 10:46:47.906 debug3: send_rexec_state: done
1452 2023-03-24 10:46:47.906 debug3: ReadFileEx() ERROR:109, io:0000014EA341F100

Environment data

Name                           Value
----                           -----
PSVersion                      5.1.14393.5582
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.5582
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version

OpenSSH_for_Windows_9.2p1, LibreSSL 3.6.1

Visuals

No response
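
An added example (not part of the issue and not Win32-OpenSSH code): a small Python check that scans sshd.log lines in the format shown under "Error details" for the `posix_spawn failed` error, so an operator can see when a listener has stopped accepting new sessions. The function names are hypothetical, and the first sample line is constructed; the other sample lines are taken from the log above.

```python
import re
from datetime import datetime

# sshd.log layout as seen in the issue: "<pid> <date> <time> <level>: <message>"
LINE = re.compile(r"^(\d+) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) (\w+): (.*)$")
SPAWN = re.compile(r'^spawning ".*sshd\.exe" -R as subprocess$')
SPAWN_FAILED = "server_accept_loop, posix_spawn failed"

def spawn_report(lines):
    """Per listener PID: spawn attempts, failed spawns, time of first failure."""
    report = {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything not in sshd.log format
        pid, stamp, level, msg = m.groups()
        entry = report.setdefault(
            int(pid), {"attempts": 0, "failed": 0, "first_failure": None})
        if level == "debug3" and SPAWN.match(msg):
            entry["attempts"] += 1  # only visible when debug3 logging is enabled
        elif level == "error" and msg == SPAWN_FAILED:
            entry["failed"] += 1
            if entry["first_failure"] is None:
                entry["first_failure"] = datetime.strptime(
                    stamp, "%Y-%m-%d %H:%M:%S.%f")
    return report

def listeners_at_ceiling(report):
    """PIDs of listeners that dropped at least one connection on a failed spawn."""
    return sorted(pid for pid, e in report.items() if e["failed"])

# Sample input: first line is constructed, the rest are copied from the issue.
SAMPLE = r'''
1452 2023-03-24 10:46:41.120 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -R as subprocess
1452 2023-03-24 10:46:47.906 debug3: fd 6 is not O_NONBLOCK
1452 2023-03-24 10:46:47.906 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -R as subprocess
1452 2023-03-24 10:46:47.906 error: server_accept_loop, posix_spawn failed
1452 2023-03-24 10:46:47.906 error: send_rexec_state: ssh_msg_send failed
'''.splitlines()

if __name__ == "__main__":
    rep = spawn_report(SAMPLE)
    for pid in listeners_at_ceiling(rep):
        print(pid, rep[pid])
```
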

@PaulHigin PaulHigin added the Issue-Enhancement Feature request label Mar 27, 2023
@maertendMSFT
Collaborator

Can you share more details on the application? Can the application be split so there is not the need for so many concurrent sessions? What would be a good upper limit in your mind?

@golvellius1985
Author

Hi, unfortunately my application can't be split. It is a Spring Boot Java application created for security purposes, and it is mandatory for me to be able to use it with a large number of concurrent ssh sessions. At the moment I can temporarily avoid the limit of 512 by using a Linux server, but my final goal is to use Windows Server 2016.

As for the question about a good upper limit, would it be possible to set this number in a configuration file, for example inside the sshd_config file?
Otherwise, if that is not possible, a perfect fixed upper limit would be 9000.

Thanks a lot for your support.

@salvorizza

A workaround could be increasing MAX_CHILDREN and MAXIMUM_WAIT_OBJECTS_ENHANCED in contrib/win32/win32compat/signal_internal.h. I've already tried increasing these values and building; the process consumes a lot of RAM and works as expected. @maertendMSFT, might this be a good solution?

@matsmcp

matsmcp commented Apr 9, 2023

Since jumphosts and jumphost functionality seems to have become my thing.....

One connection through jumphosts can easily use four ssh sessions meaning a max of 128 real connections - still a lot but not impossible to reach.

The scenario in this case is an admin client that connects through an outgoing jumphost in its security zone (ssh session 1). From there the connection goes to the inbound jumphost in another security zone (ssh session 2). The connection now reaches the target server as a low privilege account - no ssh as admin over network (ssh session 3). Finally ssh administrator@localhost is used to elevate locally since we don't have sudo or runas under ssh (ssh session 4).

And yes you can do it as a single command ssh -J user@jumphost1,user@jumphost2,lowpriledgeuser@hostname administrator@localhost

@golvellius1985
Author

Hi, any news about this ticket? Thanks a lot

@golvellius1985
Author

Hello, is there any new information about this ticket? Thanks a lot.

@maertendMSFT
Collaborator

No updates from our side. This item is labeled as an enhancement, so it will be weighed against active issues and other enhancements that may have higher impact for prioritization. There are also suggested workarounds.

We are happy to review a PR if you are interested in implementing the change.
