What limits are there on the number of reverse ssh tunnels?

Solution 1:

The limit on active SSH connections is 65,534 minus the number of TCP ports in use on your system. If we want to be conservative, let's just say 60,000 (or, for most practical purposes, "unlimited"). You may bump up against other system resource limits, however, depending on the machine you're connecting to.

That said, you might want to economize on the number of tunnels (do you really need three connections per board?), and if you don't always need the connections up, you might want to have the remote site initiate them only when needed.

Solution 2:

TL;DR: memory. Rest is okay (for hundreds of tunnels).

Assuming we don't run out of ports or file descriptors, what is most likely to trip us up?

I think it is safe enough to answer: memory.

A quick experiment shows 4.6 megabytes of actual memory consumed per incoming connection. Part of it may be shared; a real experiment would tell. Fix: add swap space.

Also, 86 megabytes of addressing space, which is quite big. It's very probably shared, or a 32-bit server would have addressing space exhaustion before 50 connections. Fix: use a 64-bit OS.

"Assuming we don't run out of ports or file descriptors,"

Does this assumption hold true?

  • At the range of hundreds, ports won't be a problem, unless your server is also a high traffic server for something else.

  • File descriptors might get exhausted. A quick experiment shows 21 file descriptors consumed per incoming ssh connection, not counting a shell. The limit on file descriptors can be tuned system-wide, so it should not be a real blocker.

(Experiments done on a 64-bit Debian server.)
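The per-connection memory and file-descriptor experiment described in Solution 2 can be repeated on your own server with the sketch below. It is an added example, not part of either answer. It reads Pss (which divides shared pages among the processes sharing them) rather than Rss, then reports which resource runs out first. Assumptions: Linux `/proc` with `smaps_rollup`, root privileges, daemon process names `sshd`/`sshd-session`, and `MemAvailable` taken as a rough estimate of usable memory; the `SAMPLE` figures are constructed.

```python
import os, re
from pathlib import Path

def parse_pss_kb(rollup_text):
    """Pss from /proc/<pid>/smaps_rollup; shared pages are divided among sharers."""
    m = re.search(r"^Pss:\s+(\d+) kB", rollup_text, re.M)
    return int(m.group(1)) if m else 0

def collect(names=("sshd", "sshd-session")):
    """Live figures per SSH daemon process (Linux, as root). names is an assumption."""
    procs = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        base = Path("/proc", pid)
        try:
            if (base / "comm").read_text().strip() not in names:
                continue
            ppid = int((base / "stat").read_text().rsplit(")", 1)[1].split()[1])
            pss = parse_pss_kb((base / "smaps_rollup").read_text())
            procs.append({"pid": int(pid), "ppid": ppid, "pss_kb": pss,
                          "fds": len(os.listdir(base / "fd"))})
        except OSError:
            continue  # process exited, or not permitted to read it
    return procs

def per_connection(procs):
    """Average (pss_kb, fds) per connection, excluding the listening daemon."""
    pids = {p["pid"] for p in procs}
    listeners = {p["pid"] for p in procs if p["ppid"] not in pids}
    sess = [p for p in procs if p["pid"] not in listeners]
    conns = sum(p["ppid"] in listeners for p in sess)
    if not conns:
        return None
    return sum(p["pss_kb"] for p in sess) / conns, sum(p["fds"] for p in sess) / conns

def headroom(cost, mem_available_kb, fds_free):
    """Extra connections that fit, and the resource that runs out first."""
    by_mem = int(mem_available_kb // max(cost[0], 1))
    by_fd = int(fds_free // max(cost[1], 1))
    return min(by_mem, by_fd), "memory" if by_mem <= by_fd else "file descriptors"

# Constructed sample: one listener (pid 100), two connections of two processes each.
SAMPLE = [dict(zip(("pid", "ppid", "pss_kb", "fds"), r)) for r in
          [(100, 1, 2000, 8), (200, 100, 3000, 12), (201, 200, 1600, 9),
           (300, 100, 3000, 12), (301, 300, 1800, 9)]]

if __name__ == "__main__":
    cost = per_connection(collect()) or per_connection(SAMPLE)
    avail = int(re.search(r"MemAvailable:\s+(\d+)", Path("/proc/meminfo").read_text()).group(1))
    alloc, _, fmax = map(int, Path("/proc/sys/fs/file-nr").read_text().split())
    print(cost, headroom(cost, avail, fmax - alloc))
```

Shells and other programs started inside a session are not counted, matching the "not counting a shell" figure above.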