linux + ssh限制+ ssh同时从多台计算机转移到一台计算机 [英] linux + ssh limitation + ssh at the same time from multiple machine to one machine
问题描述
以下脚本"testssh.ksh"证明,当我们尝试同时在多台计算机上执行ssh时,ssh会出现一些问题
实际上,此脚本的目标是验证Solaris服务器(10.10.18.6)中/var/tmp下的文件test_file,正如在某些ssh步骤中看到的那样,我们无法验证 由于ssh卡住或未从期望中激活,因此存在test_file
背景-该脚本同时对IP为10.10.18.6的Solaris服务器执行15次ssh验证,以验证服务器中/var/tmp下的file_test.
我的问题-如何改进ssh程序,以避免出现以下问题
备注-在这种情况下,睡眠可以帮助我们-但我不想在ssh进程之前添加睡眠
[root@linux /var/tmp]# more testssh.ksh
#!/bin/ksh
expect=`cat << EOF
set timeout -1
spawn ssh 10.10.18.6
expect {
")?" { send "yes\r" ; exp_continue }
word: {send pass123\r}
}
expect > {send "ls /var/tmp/test_file\r"}
expect > {send exit\r}
expect eof
EOF`
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
do
( expect -c "$expect" | grep "test_file" | grep -v ls ) &
done
示例-当我们运行脚本testssh.ksh
[root@linux /var/tmp]# /var/tmp/testssh.ksh
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
expect: spawn id exp6 not open
while executing
"expect > {send "ls /var/tmp/test_file\r"}"
expect: spawn id exp6 not open
while executing
"expect > {send "ls /var/tmp/test_file\r"}"
expect: spawn id exp6 not open
while executing
"expect > {send "ls /var/tmp/test_file\r"}"
expect: spawn id exp6 not open
while executing
"expect > {send "ls /var/tmp/test_file\r"}"
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
您是否已在sshd.conf
(或等效名称)中设置了MaxSession
和MaxStartups
?我认为40个同时进行的SSH连接不应太多,无法处理您的服务器.
在man sshd_config
页上:
MaxSessions
Specifies the maximum number of open sessions permitted per net‐
work connection. The default is 10.
MaxStartups
Specifies the maximum number of concurrent unauthenticated con‐
nections to the SSH daemon. Additional connections will be
dropped until authentication succeeds or the LoginGraceTime
expires for a connection. The default is 10.
Alternatively, random early drop can be enabled by specifying the
three colon separated values start:rate:full (e.g. "10:30:60").
sshd(8) will refuse connection attempts with a probability of
rate/100 (30%) if there are currently start (10) unauthenti‐
cated connections. The probability increases linearly and all
connection attempts are refused if the number of unauthenticated
connections reaches full (60).
如果您未更改这些设置,则服务器将无法同时处理10个以上的连接.
类似问题(serverfault.com). /p>
the following script "testssh.ksh" proves that ssh have some problems when we try to perform ssh from multiple machines on the same time
in fact the target of this script is to verify the file test_file under /var/tmp in the Solaris server (10.10.18.6) , as all see in some ssh steps we can’t verify the existing of the test_file because ssh stuck or not activate from the expect
background - this script perform 15 times ssh to Solaris server with IP - 10.10.18.6 on the same time in order to verify the file_test under /var/tmp in the server
my question - how to improve the ssh process in order to avoid the following problems
Remark - sleep can help us in this situation - but I not want to add sleep before ssh process
[root@linux /var/tmp]# more testssh.ksh
#!/bin/ksh
expect=`cat << EOF
set timeout -1
spawn ssh 10.10.18.6
expect {
")?" { send "yes\r" ; exp_continue }
word: {send pass123\r}
}
expect > {send "ls /var/tmp/test_file\r"}
expect > {send exit\r}
expect eof
EOF`
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
do
( expect -c "$expect" | grep "test_file" | grep -v ls ) &
done
example - when we run the script testssh.ksh
[root@linux /var/tmp]# /var/tmp/testssh.ksh
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
expect: spawn id exp6 not open
while executing
"expect > {send "ls /var/tmp/test_file\r"}"
expect: spawn id exp6 not open
while executing
"expect > {send "ls /var/tmp/test_file\r"}"
expect: spawn id exp6 not open
while executing
"expect > {send "ls /var/tmp/test_file\r"}"
expect: spawn id exp6 not open
while executing
"expect > {send "ls /var/tmp/test_file\r"}"
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
/var/tmp/test_file
Have you set the MaxSession
and MaxStartups
in your sshd.conf
(or equivalent)? 40 simultaneous SSH connections should not, I believe, be too many for your server to handle.
From man sshd_config
page:
MaxSessions
Specifies the maximum number of open sessions permitted per net‐
work connection. The default is 10.
MaxStartups
Specifies the maximum number of concurrent unauthenticated con‐
nections to the SSH daemon. Additional connections will be
dropped until authentication succeeds or the LoginGraceTime
expires for a connection. The default is 10.
Alternatively, random early drop can be enabled by specifying the
three colon separated values "start:rate:full" (e.g. "10:30:60").
sshd(8) will refuse connection attempts with a probability of
"rate/100" (30%) if there are currently "start" (10) unauthenti‐
cated connections. The probability increases linearly and all
connection attempts are refused if the number of unauthenticated
connections reaches "full" (60).
If you haven't changed these, your server won't handle more than 10 simultaneous connections.
Similar question (serverfault.com).
这篇关于linux + ssh限制+ ssh同时从多台计算机转移到一台计算机的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!