C code to verify maximum number of ssh sessions

Question

I wrote a code that open multiple ssh sessions using threads with an interval of 3 secs b/w every thread,i was hoping for "ERROR_SSH_TOO_MANY_CONNECTIONS"(error no. 112 (0x0070)) when max. no. of sessions are exceeded. But i was not getting this error i was able to make 78 successful sessions and during 79th session i got "Cannot allocate memory",but during 11th session itself i should have got "ERROR_SSH_TOO_MANY_CONNECTIONS".

Note: 1) i did not change the max limit in "/etc/ssh/sshd_config" by default it is "10".

MaxSessions 10

2) I'm running this code in switch which makes connections from switch to my host server.

Please let me know why i'm not getting this "ERROR_SSH_TOO_MANY_CONNECTIONS" error.

    int main()
{
    int cntr =0;
    void *th_res;
    pthread_t tid[80];

    while(cntr != 80) {
        if(pthread_create(&tid[cntr], NULL, ssh_session, (void*)&tid[cntr])){
            perror("pthread creation failed");
            printf("errno = %d&&&&&&&&&&&&&&&&&&&&&&&\n",errno);
        }
        else
            printf("tid[%d] = %d\t Session No:%d\n",cntr,(int)tid[cntr],cntr+1);
        cntr++;
        sleep(2);
    }

    cntr = 0;

    while(cntr != 80) {
        //printf("Main thread waiting for tid[%d] for joining\n",(int)tid[cntr]);
        if(pthread_join(tid[cntr],&th_res)) {
            perror("pthread join error");
        }

        if(th_res != NULL)
            abort();
        cntr++;
    }

    return 0;  
}

void* ssh_session(void* arg)
{
    int my_rc = 0;

    //printf("Thread %d is executing\n",*(int*)arg);
    my_rc = system("ssh -oSSHPassword=\"************\" spandiya@10.70.12.102");
    //my_rc = system("ssh -oSSHPassword=\"fibranne\" root@10.17.18.103");

    if (WEXITSTATUS(my_rc) != 0) {
        printf("system command failed\n");
        printf("WEXITSTATUS(my_rc) =%d\n",WEXITSTATUS(my_rc));
        printf("my_rc =%d\n",my_rc);
        printf("Session limit reached###########################\n");
        return "Session limit reached";
    }

    printf("Thread %d is exiting\n",*(int*)arg);

    return NULL;
}

Answer 1

MaxSessions doesn't do what you think it does, and that error code doesn't mean what you think it does. Here is the MaxSessions description from the sshd_config man page:

MaxSessions
    Specifies the maximum number of open sessions permitted per network
    connection. The default is 10.

The ssh protocol permits multiplexing more than one ssh "channel" through a single ssh connection. A channel is an individual two-directional data stream, such as an interactive session, an SFTP channel, or an active port forward. Some channels--interactive connections, SFTP channels, or SCP instances for example--require the ssh server to launch a command to service the channel. A "session" refers to a process, started by the ssh server, which is servicing a channel. When you run a new instance of the ssh program, you're creating a new network connection. Each of those connections can have MaxSessions sessions. In fact, they each have one session so you're not even close to hitting the limit.

To experience the MaxSessions limit, you'd have to be able to start more than one session within a single connection. This is difficult to do using the ssh command-line utility. You could look into using the ssh ControlMaster, ControlPath, and ControlPersist options. Or you could write your own ssh client that opens more than one session within the same connection.

Regarding ERROR_SSH_TOO_MANY_CONNECTIONS, the actual code appears to be disconnect message code 12, SSH2_DISCONNECT_TOO_MANY_CONNECTIONS. This does in fact refer to connections, not sessions. The OpenSSH source code defines this disconnect message code, but it doesn't ever issue it. The OpenSSH ssh server has a limit on the number of unauthenticated ssh connections which may be open at one time; this is controlled by the MaxStartups sshd_config option. But OpenSSH just closes connections when it's over the limit; it doesn't issue an actual disconnect message.