When many users connect simultaneously, you might see connections dropped:
$ ssh user@server
ssh_exchange_identification: Connection closed by remote hostOr in server logs:
sshd[12345]: drop connection: MaxStartups exceeded
sshd[12345]: Connection from 192.168.1.50 dropped by MaxStartupsSSH uses MaxStartups to throttle connection attempts, preventing overwhelming the server.
Understand MaxStartups
The MaxStartups setting controls concurrent unauthenticated connections. When too many people try to connect at once, SSH randomly drops new connections to protect itself.
Format: start:rate:full
start- Number of connections accepted without throttlingrate- Percentage chance of dropping when between start and fullfull- Maximum connections before rejecting all
Default: 10:30:100
Example behavior with default: - 0-10 connections: All accepted - 10-100 connections: Increasingly likely to drop (30% at midpoint) - Over 100: All new connections rejected
Diagnose the Problem
Check server logs:
sudo journalctl -u sshd -f
sudo tail -f /var/log/auth.log | grep MaxStartupsOr:
sudo tail -f /var/log/secure | grep -i startupLook for:
Apr 3 10:15:22 server sshd[12345]: drop connection #15 from 192.168.1.50 port 22: MaxStartups 10:30:100Check Current MaxStartups
On the server:
sudo grep MaxStartups /etc/ssh/sshd_configIf commented or missing, default is 10:30:100.
Increase MaxStartups
Edit SSH configuration:
sudo nano /etc/ssh/sshd_configFor servers with many concurrent users:
MaxStartups 50:30:200For high-traffic automation servers:
MaxStartups 100:30:500For maximum acceptance (no throttling until very high):
MaxStartups 100:10:1000Apply:
sudo sshd -t
sudo systemctl restart sshdMonitor Connection Attempts
Count pending connections:
ss -tn | grep :22 | grep -v ESTAB | wc -lWatch connections in real-time:
watch -n 1 'ss -tn | grep :22 | wc -l'Check Authentication Speed
Slow authentication causes connections to pile up. Check what's slowing it:
sudo grep UseDNS /etc/ssh/sshd_configDisable DNS lookups:
sudo sed -i 's/^UseDNS.*/UseDNS no/' /etc/ssh/sshd_configCheck GSSAPI:
sudo grep GSSAPIAuthentication /etc/ssh/sshd_configDisable if not needed:
sudo sed -i 's/^GSSAPIAuthentication.*/GSSAPIAuthentication no/' /etc/ssh/sshd_configHandle Burst Connections
For CI/CD or batch processing, stagger connections:
# In scripts, add delays
for server in ${servers[@]}; do
sleep 0.5
ssh user@$server 'command' &
done
waitUse connection multiplexing to reduce new connections:
# ~/.ssh/config
Host *
ControlMaster auto
ControlPath ~/.ssh/sockets/%r@%h-%p
ControlPersist 600Check LoginGraceTime
Authentication timeout affects pending connections:
sudo grep LoginGraceTime /etc/ssh/sshd_configDefault is 60 seconds. If authentication takes longer, reduce it:
LoginGraceTime 30This disconnects slow authenticators faster, freeing slots.
Test Connection Capacity
Simulate many connections:
for i in {1..50}; do
timeout 5 ssh -o BatchMode=yes user@server 'hostname' &
done
waitMonitor for dropped connections.
Balance MaxStartups and MaxSessions
Both settings matter:
- MaxStartups - Limits concurrent unauthenticated connections
- MaxSessions - Limits sessions per authenticated connection
Example balanced config:
MaxStartups 50:30:100
MaxSessions 10Use Load Balancer for High Traffic
For extreme concurrent users, use a load balancer:
# HAProxy config
listen ssh_cluster
bind *:22
mode tcp
balance leastconn
option tcplog
server ssh1 10.0.1.1:22 check
server ssh2 10.0.1.2:22 checkCheck System Limits
SSH connections consume resources:
```bash # Check file descriptors cat /proc/$(pgrep -o sshd)/limits | grep "open files"
# Check max processes cat /proc/$(pgrep -o sshd)/limits | grep "Max processes" ```
Increase limits in /etc/security/limits.conf:
root soft nofile 65536
root hard nofile 65536Resolution Checklist
- 1.Check MaxStartups value:
grep MaxStartups /etc/ssh/sshd_config - 2.Increase MaxStartups for high traffic
- 3.Disable slow authentication features (UseDNS, GSSAPI)
- 4.Adjust LoginGraceTime for faster cleanup
- 5.Use connection multiplexing to reduce new connections
- 6.Stagger burst connections in scripts
- 7.Monitor connection counts:
ss -tn | grep :22 - 8.Check system resource limits
MaxStartups protects servers from connection floods. Increase it for busy servers or use connection management to reduce concurrent connection attempts.