Windows Open SSH Server cannot support more than 50 concurrent ssh sessions
I'm trying to set up a Windows OpenSSH Server (v1.0.0.0-Beta) and I've hit a problem.
I have a program that uses plink to create ssh connections. This can range from 1-200 connections and I'm pretty sure that should be safe. However, when I've made 50, EXACTLY 50 ssh connections, the ssh server starts rejecting the connections and looking at the logs, it shows that the posix_spawn failed and it can no longer instantiate child processes to handle the connections
I've tried this link and it didn't do anything for it. I'd really appreciate your help. Thank you!
Here is the error log when the 51st connection is made
1656 2018-03-05 16:08:05.610 debug3: fd 5 is not O_NONBLOCK
1656 2018-03-05 16:08:05.610 debug3: spawning "C:\\OpenSSH\\sshd.exe" "-R"
1656 2018-03-05 16:08:05.610 error: posix_spawn failed
1656 2018-03-05 16:08:05.610 debug3: send_rexec_state: entering fd = 8 config len 357
1656 2018-03-05 16:08:05.610 debug3: ssh_msg_send: type 0
1656 2018-03-05 16:08:05.610 debug3: send_rexec_state: done
1656 2018-03-05 16:08:05.610 debug3: ReadFileEx() ERROR:109, io:00000010C2BF98B0
Here is my config
Subsystem sftp sftp-server.exe
LogLevel Debug3
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
TCPKeepAlive yes
MaxStartups 1000
PasswordAuthentication yes
PermitTTY yes
PidFile C:/ProgramData/ssh/sshd.pid
MaxSessions 1000
Solution 1:
So, I opened an issue for this in their github page and got an unfortunate answer,
Apparently this is a hardcoded limit in their code since windows can't have more handles per thread and they don't want to go multi threaded and make it more complicated. I've attached a link below to the github issue
Here's their response
Ultimately, all these child process handles will be fed in a WaitForMultipleObjects call (as part of wait_for_any_event()) and that Win32 API call has a limitation of 64 handles. I had to pick a number less than this to accommodate other events (that of async accept and connect calls). Going beyond these limits will result in multi a threaded POSIX compat layer that will make it more complex and less resilient.
Github Link