linux + ssh限制+ ssh同时从多台计算机转移到一台计算机 [英] linux + ssh limitation + ssh at the same time from multiple machine to one machine

问题描述

以下脚本"testssh.ksh"证明，当我们尝试同时在多台计算机上执行ssh时，ssh会出现一些问题

实际上，此脚本的目标是验证Solaris服务器(10.10.18.6)中/var/tmp下的文件test_file，正如在某些ssh步骤中看到的那样，我们无法验证 由于ssh卡住或未从期望中激活，因此存在test_file

背景-该脚本同时对IP为10.10.18.6的Solaris服务器执行15次ssh验证，以验证服务器中/var/tmp下的file_test.

我的问题-如何改进ssh程序，以避免出现以下问题

备注-在这种情况下，睡眠可以帮助我们-但我不想在ssh进程之前添加睡眠

  [root@linux /var/tmp]# more  testssh.ksh
  #!/bin/ksh



  expect=`cat << EOF
  set timeout -1
  spawn  ssh  10.10.18.6 
       expect {
                 ")?"   { send "yes\r"  ; exp_continue  }

                 word:  {send pass123\r}
              }
  expect >  {send "ls  /var/tmp/test_file\r"}
  expect >    {send exit\r}
  expect eof
  EOF`


  for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
  do
     ( expect -c  "$expect"  | grep "test_file"  | grep -v ls ) &
  done

示例-当我们运行脚本testssh.ksh

     [root@linux /var/tmp]# /var/tmp/testssh.ksh
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file
     expect: spawn id exp6 not open
     while executing
     "expect >  {send "ls  /var/tmp/test_file\r"}"
     expect: spawn id exp6 not open
     while executing
     "expect >  {send "ls  /var/tmp/test_file\r"}"
     expect: spawn id exp6 not open
     while executing
     "expect >  {send "ls  /var/tmp/test_file\r"}"
     expect: spawn id exp6 not open
     while executing
     "expect >  {send "ls  /var/tmp/test_file\r"}"
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file

解决方案

您是否已在sshd.conf(或等效名称)中设置了MaxSession和MaxStartups?我认为40个同时进行的SSH连接不应太多，无法处理您的服务器.

在man sshd_config页上:

 MaxSessions
         Specifies the maximum number of open sessions permitted per net‐
         work connection.  The default is 10.

 MaxStartups
         Specifies the maximum number of concurrent unauthenticated con‐
         nections to the SSH daemon.  Additional connections will be
         dropped until authentication succeeds or the LoginGraceTime
         expires for a connection.  The default is 10.

         Alternatively, random early drop can be enabled by specifying the
         three colon separated values start:rate:full (e.g. "10:30:60").
         sshd(8) will refuse connection attempts with a probability of
         rate/100 (30%) if there are currently start (10) unauthenti‐
         cated connections.  The probability increases linearly and all
         connection attempts are refused if the number of unauthenticated
         connections reaches full (60).

如果您未更改这些设置，则服务器将无法同时处理10个以上的连接.

类似问题(serverfault.com). /p>

the following script "testssh.ksh" proves that ssh have some problems when we try to perform ssh from multiple machines on the same time

in fact the target of this script is to verify the file test_file under /var/tmp in the Solaris server (10.10.18.6) , as all see in some ssh steps we can’t verify the existing of the test_file because ssh stuck or not activate from the expect

background - this script perform 15 times ssh to Solaris server with IP - 10.10.18.6 on the same time in order to verify the file_test under /var/tmp in the server

my question - how to improve the ssh process in order to avoid the following problems

Remark - sleep can help us in this situation - but I not want to add sleep before ssh process

  [root@linux /var/tmp]# more  testssh.ksh
  #!/bin/ksh



  expect=`cat << EOF
  set timeout -1
  spawn  ssh  10.10.18.6 
       expect {
                 ")?"   { send "yes\r"  ; exp_continue  }

                 word:  {send pass123\r}
              }
  expect >  {send "ls  /var/tmp/test_file\r"}
  expect >    {send exit\r}
  expect eof
  EOF`


  for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
  do
     ( expect -c  "$expect"  | grep "test_file"  | grep -v ls ) &
  done

example - when we run the script testssh.ksh

     [root@linux /var/tmp]# /var/tmp/testssh.ksh
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file
     expect: spawn id exp6 not open
     while executing
     "expect >  {send "ls  /var/tmp/test_file\r"}"
     expect: spawn id exp6 not open
     while executing
     "expect >  {send "ls  /var/tmp/test_file\r"}"
     expect: spawn id exp6 not open
     while executing
     "expect >  {send "ls  /var/tmp/test_file\r"}"
     expect: spawn id exp6 not open
     while executing
     "expect >  {send "ls  /var/tmp/test_file\r"}"
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file
     /var/tmp/test_file

解决方案

Have you set the MaxSession and MaxStartups in your sshd.conf (or equivalent)? 40 simultaneous SSH connections should not, I believe, be too many for your server to handle.

From man sshd_config page:

 MaxSessions
         Specifies the maximum number of open sessions permitted per net‐
         work connection.  The default is 10.

 MaxStartups
         Specifies the maximum number of concurrent unauthenticated con‐
         nections to the SSH daemon.  Additional connections will be
         dropped until authentication succeeds or the LoginGraceTime
         expires for a connection.  The default is 10.

         Alternatively, random early drop can be enabled by specifying the
         three colon separated values "start:rate:full" (e.g. "10:30:60").
         sshd(8) will refuse connection attempts with a probability of
         "rate/100" (30%) if there are currently "start" (10) unauthenti‐
         cated connections.  The probability increases linearly and all
         connection attempts are refused if the number of unauthenticated
         connections reaches "full" (60).

If you haven't changed these, your server won't handle more than 10 simultaneous connections.

Similar question (serverfault.com).

这篇关于linux + ssh限制+ ssh同时从多台计算机转移到一台计算机的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！