Gleichzeitige SFTP-Benutzer können sich nicht anmelden


1

Ich habe einen SFTP Ubuntu Server 16.04 in der DMZ. Wenn sich ein Benutzer über WINSCP anmeldet, kann sich ein anderer Benutzer nicht anmelden.

SSHD-Konfiguration

Willkommen bei Ubuntu 16.04.3 LTS (GNU / Linux 4.4.0-112-generic x86_64)

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel VERBOSE

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

Ich kann bei Bedarf weitere Informationen veröffentlichen, bin mir aber nicht sicher, wo ich anfangen soll. Ich denke, dies wurde möglicherweise auf Benutzer- oder Gruppenebene durchgeführt, aber ich weiß nicht, wo ich die entsprechenden Änderungen vornehmen soll.

BEARBEITEN - Beim Versuch, eine Verbindung mit WINSCP herzustellen, kann ich jeweils nur eine Verbindung mit einem Benutzer herstellen. Ich kann keine Verbindung mit mehreren Benutzern herstellen. Ich habe maxstartup 500 zur sshd _config hinzugefügt.Ich habe den Dienst neu gestartet und das Problem besteht weiterhin. Jede Hilfe wäre sehr dankbar. Danke

0

man sshd_config specify two relevant parameters: MaxSessions and MaxStartups

 MaxSessions
         Specifies the maximum number of open shell, login or subsystem
         (e.g. sftp) sessions permitted per network connection.  Multiple
         sessions may be established by clients that support connection
         multiplexing.  Setting MaxSessions to 1 will effectively disable
         session multiplexing, whereas setting it to 0 will prevent all
         shell, login and subsystem sessions while still permitting
         forwarding.  The default is 10.

 MaxStartups
         Specifies the maximum number of concurrent unauthenticated
         connections to the SSH daemon.  Additional connections will be
         dropped until authentication succeeds or the LoginGraceTime
         expires for a connection.  The default is 10:30:100.

         Alternatively, random early drop can be enabled by specifying the
         three colon separated values “start:rate:full” (e.g. "10:30:60").
         sshd(8) will refuse connection attempts with a probability of
         “rate/100” (30%) if there are currently “start” (10)
         unauthenticated connections.  The probability increases linearly
         and all connection attempts are refused if the number of
         unauthenticated connections reaches “full” (60).