[arch-general] sshd - limiting sequential no. or files opened via sftp in kate?
All, Not sure where to look for this. I have always kept kate projects different things like, different application development, different web-site editing, etc... Many of the projects I keep on my Arch server and have kate open the files via the sftp kioslave (or whatever it is called now) For some reason, now when I open remote projects on the server, the first 15 or so files open without issue. Anything over that fails with a connection error and the files are opened as "Untitled" and are empty (simply pressing "Reload" completes the opening without issue), but that has to occur after kate is open, and not when the project is attempting to load the files sequentially all at once. The journal shows no error, just the normal sshd key authorization, etc. as session through (c17) are opened, e.g. Jun 07 01:29:04 valkyrie sshd[9269]: Accepted publickey for david from 192.168.6.104 port 56170 ssh2: ECDSA SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ Jun 07 01:29:04 valkyrie sshd[9268]: Accepted publickey for david from 192.168.6.104 port 56168 ssh2: ECDSA SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ Jun 07 01:29:04 valkyrie sshd[9269]: pam_unix(sshd:session): session opened for user david by (uid=0) Jun 07 01:29:04 valkyrie sshd[9268]: pam_unix(sshd:session): session opened for user david by (uid=0) Jun 07 01:29:04 valkyrie systemd-logind[539]: New session c5 of user david. Jun 07 01:29:04 valkyrie systemd[1]: Started Session c5 of user david. Jun 07 01:29:04 valkyrie systemd-logind[539]: New session c6 of user david. Jun 07 01:29:04 valkyrie systemd[1]: Started Session c6 of user david. Jun 07 01:29:05 valkyrie sshd[9274]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] Jun 07 01:29:05 valkyrie sshd[9275]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] Jun 07 01:29:05 valkyrie sshd[9272]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] Jun 07 01:29:05 valkyrie sshd[9274]: Accepted publickey for david from 192.168.6.104 port 56174 ssh2: ECDSA SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ Jun 07 01:29:05 valkyrie sshd[9274]: pam_unix(sshd:session): session opened for user david by (uid=0) Jun 07 01:29:05 valkyrie systemd-logind[539]: New session c7 of user david. Jun 07 01:29:05 valkyrie systemd[1]: Started Session c7 of user david. ... I don't see any failures at all in the logs, which I would expect given the connection failure. Any ideas on what could be causing this? I don't any longer, but there were times in the past I would have 120 files in a project and had no problems at all opening the project either across the LAN or remotes via the internet on my office server. So this seems like it is some protection designed to prevent hackers from hammering your server with ssh requests -- but it seems like it is having the side effect of preventing me from loading projects with more than say 20 files via sftp. -- David C. Rankin, J.D.,P.E.
[long email, so top-posting] MaxSessions and MaxStartups in /etc/ssh/sshd_config? Cheers, L. On Thu, Jun 07, 2018 at 01:44:37AM -0500, David C. Rankin wrote:
All,
Not sure where to look for this. I have always kept kate projects different things like, different application development, different web-site editing, etc... Many of the projects I keep on my Arch server and have kate open the files via the sftp kioslave (or whatever it is called now)
For some reason, now when I open remote projects on the server, the first 15 or so files open without issue. Anything over that fails with a connection error and the files are opened as "Untitled" and are empty (simply pressing "Reload" completes the opening without issue), but that has to occur after kate is open, and not when the project is attempting to load the files sequentially all at once.
The journal shows no error, just the normal sshd key authorization, etc. as session through (c17) are opened, e.g.
Jun 07 01:29:04 valkyrie sshd[9269]: Accepted publickey for david from 192.168.6.104 port 56170 ssh2: ECDSA SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ Jun 07 01:29:04 valkyrie sshd[9268]: Accepted publickey for david from 192.168.6.104 port 56168 ssh2: ECDSA SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ Jun 07 01:29:04 valkyrie sshd[9269]: pam_unix(sshd:session): session opened for user david by (uid=0) Jun 07 01:29:04 valkyrie sshd[9268]: pam_unix(sshd:session): session opened for user david by (uid=0) Jun 07 01:29:04 valkyrie systemd-logind[539]: New session c5 of user david. Jun 07 01:29:04 valkyrie systemd[1]: Started Session c5 of user david. Jun 07 01:29:04 valkyrie systemd-logind[539]: New session c6 of user david. Jun 07 01:29:04 valkyrie systemd[1]: Started Session c6 of user david. Jun 07 01:29:05 valkyrie sshd[9274]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] Jun 07 01:29:05 valkyrie sshd[9275]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] Jun 07 01:29:05 valkyrie sshd[9272]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] Jun 07 01:29:05 valkyrie sshd[9274]: Accepted publickey for david from 192.168.6.104 port 56174 ssh2: ECDSA SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ Jun 07 01:29:05 valkyrie sshd[9274]: pam_unix(sshd:session): session opened for user david by (uid=0) Jun 07 01:29:05 valkyrie systemd-logind[539]: New session c7 of user david. Jun 07 01:29:05 valkyrie systemd[1]: Started Session c7 of user david. ...
I don't see any failures at all in the logs, which I would expect given the connection failure. Any ideas on what could be causing this?
I don't any longer, but there were times in the past I would have 120 files in a project and had no problems at all opening the project either across the LAN or remotes via the internet on my office server. So this seems like it is some protection designed to prevent hackers from hammering your server with ssh requests -- but it seems like it is having the side effect of preventing me from loading projects with more than say 20 files via sftp.
-- David C. Rankin, J.D.,P.E.
-- Leonid Isaev
Hi David, Leonid wrote:
kate open the files via the sftp kioslave (or whatever it is called now)
For some reason, now when I open remote projects on the server, the first 15 or so files open without issue. Anything over that fails with a connection error
MaxSessions and MaxStartups in /etc/ssh/sshd_config?
Also, check what Kate is really using, i.e. if it is sftp(1) then examine sshd_config(5) for `Subsystem' to see if an external server is being used, here it's # override default of no subsystems Subsystem sftp /usr/lib/ssh/sftp-server and then try sftp-server(8)'s `-l' to gain more logging. -- Cheers, Ralph. https://plus.google.com/+RalphCorderoy
On 06/07/2018 08:01 AM, Leonid Isaev via arch-general wrote:
[long email, so top-posting]
MaxSessions and MaxStartups in /etc/ssh/sshd_config?
Cheers, L.
You are brilliant, it ended up being MaxStartups, added 20 to the default, e.g. #MaxStartups 10:30:100 MaxStartups 30:50:100 And all files opened just fine. I tried increasing MaxSessions first -- no help. Ralph, thanks, I too have: # override default of no subsystems Subsystem sftp /usr/lib/ssh/sftp-server It looks like MaxStartups was the setting at issue. I'm glad it is there (I haven't had any huge kate project since 2012/13) It just caught me a bit by surprise when I opened an old web-site project with 34 files in it. -- David C. Rankin, J.D.,P.E.
Could it be that you have run out of inotify watches? Try increasing it and see if that helps. On Thu, Jun 7, 2018, 12:44 AM David C. Rankin < drankinatty@suddenlinkmail.com> wrote:
All,
Not sure where to look for this. I have always kept kate projects different things like, different application development, different web-site editing, etc... Many of the projects I keep on my Arch server and have kate open the files via the sftp kioslave (or whatever it is called now)
For some reason, now when I open remote projects on the server, the first 15 or so files open without issue. Anything over that fails with a connection error and the files are opened as "Untitled" and are empty (simply pressing "Reload" completes the opening without issue), but that has to occur after kate is open, and not when the project is attempting to load the files sequentially all at once.
The journal shows no error, just the normal sshd key authorization, etc. as session through (c17) are opened, e.g.
Jun 07 01:29:04 valkyrie sshd[9269]: Accepted publickey for david from 192.168.6.104 port 56170 ssh2: ECDSA SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ Jun 07 01:29:04 valkyrie sshd[9268]: Accepted publickey for david from 192.168.6.104 port 56168 ssh2: ECDSA SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ Jun 07 01:29:04 valkyrie sshd[9269]: pam_unix(sshd:session): session opened for user david by (uid=0) Jun 07 01:29:04 valkyrie sshd[9268]: pam_unix(sshd:session): session opened for user david by (uid=0) Jun 07 01:29:04 valkyrie systemd-logind[539]: New session c5 of user david. Jun 07 01:29:04 valkyrie systemd[1]: Started Session c5 of user david. Jun 07 01:29:04 valkyrie systemd-logind[539]: New session c6 of user david. Jun 07 01:29:04 valkyrie systemd[1]: Started Session c6 of user david. Jun 07 01:29:05 valkyrie sshd[9274]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] Jun 07 01:29:05 valkyrie sshd[9275]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] Jun 07 01:29:05 valkyrie sshd[9272]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] Jun 07 01:29:05 valkyrie sshd[9274]: Accepted publickey for david from 192.168.6.104 port 56174 ssh2: ECDSA SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ Jun 07 01:29:05 valkyrie sshd[9274]: pam_unix(sshd:session): session opened for user david by (uid=0) Jun 07 01:29:05 valkyrie systemd-logind[539]: New session c7 of user david. Jun 07 01:29:05 valkyrie systemd[1]: Started Session c7 of user david. ...
I don't see any failures at all in the logs, which I would expect given the connection failure. Any ideas on what could be causing this?
I don't any longer, but there were times in the past I would have 120 files in a project and had no problems at all opening the project either across the LAN or remotes via the internet on my office server. So this seems like it is some protection designed to prevent hackers from hammering your server with ssh requests -- but it seems like it is having the side effect of preventing me from loading projects with more than say 20 files via sftp.
-- David C. Rankin, J.D.,P.E.
participants (4)
-
David C. Rankin
-
Leonid Isaev
-
Nero Claudius Drusus
-
Ralph Corderoy