AG
2016-06-02 01:51:27 UTC
Hello,
I manage OpenSSH on a dozen or so servers that act as gateways for a large
number of developers and system administrators. On these servers it is
common for there to be more than 1000 active X11 forwards at peak
usage. Beyond ~1000 active X11 forwards, sshd will fail to bind additional
ports due to a hard-coded range check in channels.c that limits the port
range that sshd will attempt to bind. Today this is set at 1000:
channels.c:152:#define MAX_DISPLAYS 1000
I have made changes to OpenSSH portable that allow this setting to be
configured via an option in sshd_config named MaxDisplays. If not
explicitly set, it maintains the default value of 1000.
It seems to me that this setting should be configurable by the user similar
to how X11DisplayOffset is configurable. I've read the code carefully and
am currently using this patch in my production environment without any
issues. I don't see any reason this change would cause any issues for users
that do not need to explicitly set it. I also don't envision this being a
maintenance burden as it's a very simple feature.
I'd appreciate this being considered for acceptance into OpenSSH.
Also, I'm curious if this issue has ever come up before? Is it really that
strange of a case?
I understand that you don't utilize GitHub for development, but for
convenience you can see the changes in a web browser:
https://github.com/openssh/openssh-portable/pull/41
I've attached the patch to this message as well.
Thanks,
Adam
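
The following is an added example, not part of the original message or the attached patch. It measures how close a gateway is to the limit described above and checks what a larger limit does to the port range sshd may bind. It assumes that display N listens on TCP 6000+N, that sshd tries displays from X11DisplayOffset up to one below the limit, and that listener data comes from `ss -ltn`; the function names and the sample output are constructed for illustration.

```python
import re

X11_BASE_PORT = 6000          # X11 convention: display N listens on TCP 6000+N
EPHEMERAL = (32768, 60999)    # Linux default net.ipv4.ip_local_port_range

def port_range(display_offset=10, max_displays=1000):
    """TCP ports sshd may bind, assuming displays offset..max_displays-1."""
    return X11_BASE_PORT + display_offset, X11_BASE_PORT + max_displays - 1

def range_warnings(display_offset, max_displays, ephemeral=EPHEMERAL):
    """Flag limit values that push the bind range into trouble."""
    lo, hi = port_range(display_offset, max_displays)
    warnings = []
    if hi > 65535:
        warnings.append("range exceeds TCP port 65535")
    if lo <= ephemeral[1] and hi >= ephemeral[0]:
        warnings.append("range overlaps ephemeral ports")
    return warnings

def x11_usage(ss_output, display_offset=10, max_displays=1000):
    """Count distinct X11 forward displays in `ss -ltn` output."""
    lo, hi = port_range(display_offset, max_displays)
    used = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        m = re.search(r":(\d+)$", fields[3])   # 127.0.0.1:6010, [::1]:6010
        if m and lo <= int(m.group(1)) <= hi:
            # IPv4 and IPv6 listeners on one port are the same display
            used.add(int(m.group(1)) - X11_BASE_PORT)
    capacity = hi - lo + 1
    return {"used": len(used), "capacity": capacity, "free": capacity - len(used)}

# Constructed sample of `ss -ltn` output (not captured from a real host)
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*
LISTEN 0      128    [::1]:6010         [::]:*
LISTEN 0      128    127.0.0.1:6011     0.0.0.0:*
LISTEN 0      128    127.0.0.1:6999     0.0.0.0:*
LISTEN 0      128    127.0.0.1:7000     0.0.0.0:*
"""

if __name__ == "__main__":
    print(x11_usage(SAMPLE_SS))           # defaults: offset 10, limit 1000
    print(range_warnings(10, 60000))      # a limit large enough to cause trouble
```

With the default offset of 10, a limit of 1000 leaves 990 usable displays, and any raised limit should be checked against the host's ephemeral port range and local firewall rules before deployment.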