1. Check existing limits:
[root@test3 security]# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 63699
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 63699
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
2. Errors and logs:
1) Log location: /var/log/secure
2) Error 1:
May 6 13:16:35 test3 sshd[9800]: subsystem request for sftp
May 6 13:16:35 test3 sshd[9800]: error: do_exec_no_pty: fork: Resource temporarily unavailable
May 6 13:16:35 test3 sshd[9800]: subsystem request for sftp failed, subsystem not found
File changed: /etc/security/limits.conf
-- changed open files to 4096 from 1024
-- changed max user processes (hard & soft) to 128376 from 63699
-- added user maxlogins: 1000
3) Error 2: no more sessions
File changed: /etc/ssh/sshd_config
-- MaxSessions changed to 10240 from 1000
-- MaxStartups changed to 10240 from 1000
Far fewer "no more sessions" errors now, but still some.
4) File changed: /etc/security/limits.conf
-- changed maxlogins from 1000 to 2000 (this may not help)
5) File changed: /etc/security/limits.d/90-nproc.conf (this controls the max open sessions/concurrent logins for a specific user: stormReportsUat; helps with the "no more sessions" error)
-- added stormRepUser soft nproc 10240
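
Added example (not part of the original notes): a shell script that counts the two sshd errors above per day in a log in the /var/log/secure format, and reads the soft/hard values from a /proc/<pid>/limits file. The second check shows what a running process actually has, since limits.conf changes are applied by pam_limits only when a new session is opened. The function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. All sample data is constructed.

# Per-day counts of the two sshd failure signatures seen in /var/log/secure.
sshd_limit_errors() {
    awk '
        { k = $1 " " $2 }   # "Mon day" key taken from the syslog timestamp
        /sshd\[[0-9]+\]: error: .*fork: Resource temporarily unavailable/ { f[k]++; d[k] = 1 }
        /sshd\[[0-9]+\]: error: no more sessions/                         { s[k]++; d[k] = 1 }
        END { for (k in d) printf "%s fork_eagain=%d no_more_sessions=%d\n", k, f[k], s[k] }
    ' "$1" | sort
}

# Print "soft hard" for one row (e.g. "Max processes") of a /proc/<pid>/limits file.
proc_limit() {
    sed -n "s/^$2  *\([^ ]*\)  *\([^ ]*\).*/\1 \2/p" "$1"
}

# Write constructed sample inputs into directory $1.
write_samples() {
    cat > "$1/secure" <<'EOF'
May 6 13:16:35 test3 sshd[9800]: subsystem request for sftp
May 6 13:16:35 test3 sshd[9800]: error: do_exec_no_pty: fork: Resource temporarily unavailable
May 6 13:16:35 test3 sshd[9800]: subsystem request for sftp failed, subsystem not found
May 6 14:02:11 test3 sshd[10412]: error: no more sessions
May 7 09:30:02 test3 sshd[11877]: error: no more sessions
May 7 09:30:05 test3 sshd[11877]: error: no more sessions
EOF
    cat > "$1/limits" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             63699                63699                processes
Max open files            1024                 4096                 files
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
sshd_limit_errors "$tmp/secure"            # one summary line per day
proc_limit "$tmp/limits" "Max processes"   # soft and hard nproc
proc_limit "$tmp/limits" "Max open files"  # soft and hard nofile
rm -rf "$tmp"
# On a live host, point proc_limit at /proc/<pid>/limits of a process
# belonging to the affected user's session to see the limits it really got.
```

Run the counter before and after each configuration change to see whether the error rate actually dropped.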
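This article focuses on Linux system security and performance tuning, including checking existing limits such as the number of open files and max user processes, and recording error logs. To address resource exhaustion in the sshd service, it modifies configuration files such as /etc/security/limits.conf and /etc/ssh/sshd_config, raising the maximum number of file descriptors, the maximum number of user processes and the maximum number of sessions to resolve the 'no more sessions' error. It also notes that the concurrent-login limit for a specific user can be adjusted by editing /etc/security/limits.d/90-nproc.conf.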




