I have a system where 4 or 5 times now it has locked out new ssh connections.

It appears as if MaxStartups is not re-allowing connections when the number of unauthenticated connections drops. Instead, 100% rejection until sshd is restarted.

The client (even "ssh localhost") gets one of:

  kex_exchange_identification: Connection closed by remote host
  kex_exchange_identification: read: Connection reset by peer

See the log below; notice how the "xxx connections dropped" increases over a matter of several hours.

However, this is not the MaxStartups behaviour I expect, as:

- it's permanent, until sshd is restarted
- no forks of sshd running, just the listener
- netstat shows no TCP connections

So I observe zero relevant activity, and yet sshd behaves as if 100% of its slots are holding unauthenticated connections?

This is a virtualised host (not container) running Alpine Linux 3.21.3, and openssh-9.9_p2-r0 package.

I have no other VMs affected, just this one; despite the same OS and network (though I expect different patterns of ssh probes).

Relevant configuration in /etc/ssh/sshd_config:

  MaxStartups 32:30:64
  PerSourceMaxStartups 16
  LoginGraceTime 30

2025-04-16T03:18:32 indigo sshd[2690]: error: beginning MaxStartups throttling
2025-04-16T03:18:32 indigo sshd[2690]: drop connection #0 from [193.32.x.x]:39772 on [54.36.x.x]:22 past Maxstartups
2025-04-16T06:33:25 indigo sshd[2690]: error: in MaxStartups throttling for 03:14:53, 220 connections dropped
2025-04-16T06:33:25 indigo sshd[2690]: drop connection #0 from [194.0.x.x]:37228 on [54.36.x.x]:22 past Maxstartups
2025-04-16T06:41:34 indigo sshd[2690]: error: in MaxStartups throttling for 03:23:01, 221 connections dropped
2025-04-16T06:41:34 indigo sshd[2690]: drop connection #0 from [194.0.x.x]:41658 on [54.36.x.x]:22 past Maxstartups
2025-04-16T06:48:01 indigo sshd[2690]: error: in MaxStartups throttling for 03:29:28, 225 connections dropped
2025-04-16T06:48:01 indigo sshd[2690]: drop connection #0 from [54.36.x.x]:39502 on [54.36.x.x]:22 past Maxstartups
2025-04-16T06:59:43 indigo sshd[2690]: error: in MaxStartups throttling for 03:41:11, 227 connections dropped
2025-04-16T06:59:43 indigo sshd[2690]: drop connection #0 from [80.94.x.x]:48100 on [54.36.x.x]:22 past Maxstartups
2025-04-16T07:10:56 indigo sshd[2690]: error: in MaxStartups throttling for 03:52:24, 230 connections dropped
2025-04-16T07:10:56 indigo sshd[2690]: drop connection #0 from [194.0.x.x]:23040 on [54.36.x.x]:22 past Maxstartups
2025-04-16T07:18:01 indigo sshd[2690]: error: in MaxStartups throttling for 03:59:29, 232 connections dropped
2025-04-16T07:18:01 indigo sshd[2690]: drop connection #0 from [54.36.x.x]:38460 on [54.36.x.x]:22 past Maxstartups
2025-04-16T07:31:29 indigo sshd[2690]: error: in MaxStartups throttling for 04:12:56, 237 connections dropped
2025-04-16T07:31:29 indigo sshd[2690]: drop connection #0 from [92.255.x.x]:56538 on [54.36.x.x]:22 past Maxstartups
2025-04-16T07:41:17 indigo sshd[2690]: error: in MaxStartups throttling for 04:22:45, 239 connections dropped
2025-04-16T07:41:17 indigo sshd[2690]: drop connection #0 from [80.94.x.x]:58404 on [54.36.x.x]:22 past Maxstartups
2025-04-16T07:48:01 indigo sshd[2690]: error: in MaxStartups throttling for 04:29:29, 240 connections dropped
2025-04-16T07:48:01 indigo sshd[2690]: drop connection #0 from [54.36.x.x]:57030 on [54.36.x.x]:22 past Maxstartups
2025-04-16T08:01:08 indigo sshd[2690]: error: in MaxStartups throttling for 04:42:36, 242 connections dropped
2025-04-16T08:01:08 indigo sshd[2690]: drop connection #0 from [194.0.x.x]:55362 on [54.36.x.x]:22 past Maxstartups
2025-04-16T08:18:01 indigo sshd[2690]: error: in MaxStartups throttling for 04:59:29, 246 connections dropped
2025-04-16T08:18:01 indigo sshd[2690]: drop connection #0 from [54.36.x.x]:60886 on [54.36.x.x]:22 past Maxstartups
2025-04-16T08:33:41 indigo sshd[2690]: Received signal 15; terminating.
2025-04-16T08:33:41 indigo sshd[27243]: Server listening on 0.0.0.0 port 22.
2025-04-16T08:33:41 indigo sshd[27243]: Server listening on :: port 22.

This information taken from the console tty, before the 08:33 restart:

$ ps afx | grep ssh
26532 pts/0    S+     0:00          \_ grep ssh
 2690 ?        S      0:06 sshd: /usr/sbin/sshd [listener] 0 of 32-64 startups

$ netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  3      [ ]         STREAM     CONNECTED       6115
unix  3      [ ]         STREAM     CONNECTED       6139
[...]

$ netstat -lp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      2690/sshd [listener
tcp        0      0 localhost:http          0.0.0.0:*               LISTEN      2303/nginx.conf
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN      2663/smtpd: dispatc
tcp        0      0 0.0.0.0:munin           0.0.0.0:*               LISTEN      2268/perl
tcp        0      0 0.0.0.0:https           0.0.0.0:*               LISTEN      2303/nginx.conf
tcp        0      0 localhost:postgresql    0.0.0.0:*               LISTEN      2388/postgres
tcp        0      0 :::ssh                  :::*                    LISTEN      2690/sshd [listener
tcp        0      0 localhost:postgresql    :::*                    LISTEN      2388/postgres
tcp        0      0 localhost:http          :::*                    LISTEN      2303/nginx.conf
tcp        0      0 localhost:smtp          :::*                    LISTEN      2663/smtpd: dispatc
tcp        0      0 :::https                :::*                    LISTEN      2303/nginx.conf
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING       5703 2388/postgres       /tmp/.s.PGSQL.5432
unix  2      [ ACC ]     STREAM     LISTENING       5702 2388/postgres       /run/postgresql/.s.PGSQL.5432
unix  2      [ ACC ]     STREAM     LISTENING       6306 2661/smtpd: control /run/smtpd.sock

Thanks

-- 
Mark
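
Added example (not part of the original post and not OpenSSH code): a log check for the symptom reported above, "drop connection" lines logged while the count after '#' is below the MaxStartups start value. It assumes that count is sshd's number of unauthenticated connections and applies the start:rate:full rule as sshd_config(5) describes it; the function names and the last sample log line are constructed.

```python
import re

# Constructed sample: the first four lines follow the log in the post;
# the last line (192.0.2.7, count #40) is invented for contrast.
SAMPLE_LOG = """\
2025-04-16T03:18:32 indigo sshd[2690]: error: beginning MaxStartups throttling
2025-04-16T03:18:32 indigo sshd[2690]: drop connection #0 from [193.32.x.x]:39772 on [54.36.x.x]:22 past Maxstartups
2025-04-16T06:33:25 indigo sshd[2690]: error: in MaxStartups throttling for 03:14:53, 220 connections dropped
2025-04-16T06:33:25 indigo sshd[2690]: drop connection #0 from [194.0.x.x]:37228 on [54.36.x.x]:22 past Maxstartups
2025-04-16T06:40:00 indigo sshd[2690]: drop connection #40 from [192.0.2.7]:40000 on [54.36.x.x]:22 past Maxstartups
"""

DROP_RE = re.compile(r"sshd\[(\d+)\]: drop connection #(\d+) from \[([^\]]+)\]")
# Matches the HH:MM:SS duration form seen in the post's log.
THROTTLE_RE = re.compile(
    r"in MaxStartups throttling for (\d+):(\d\d):(\d\d), (\d+) connections dropped")


def drop_probability(startups, start, rate, full):
    """Random early drop as sshd_config(5) describes MaxStartups start:rate:full."""
    if startups < start:
        return 0.0
    if startups >= full:
        return 1.0
    return (rate + (100 - rate) * (startups - start) / (full - start)) / 100


def unexplained_drops(log, max_startups):
    """Drops logged while the count after '#' was below the 'start' threshold."""
    start, rate, full = (int(p) for p in max_startups.split(":"))
    found = []
    for line in log.splitlines():
        m = DROP_RE.search(line)
        if m and drop_probability(int(m.group(2)), start, rate, full) == 0.0:
            found.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return found


def longest_throttle(log):
    """(seconds, connections dropped) of the longest reported throttling period."""
    best = (0, 0)
    for m in THROTTLE_RE.finditer(log):
        h, mnt, s, dropped = map(int, m.groups())
        best = max(best, (h * 3600 + mnt * 60 + s, dropped))
    return best


if __name__ == "__main__":
    for pid, count, src in unexplained_drops(SAMPLE_LOG, "32:30:64"):
        print(f"sshd[{pid}] dropped {src} at {count} unauthenticated connections")
    print("longest throttle (s, dropped):", longest_throttle(SAMPLE_LOG))
```

Run against the real log with the host's own MaxStartups value; any line it reports is a drop that the MaxStartups thresholds alone do not account for.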