Не удается получить одновременное использование пользователей SFTP для входа в систему

Question 1

У меня есть SFTP Ubuntu Server 16.04 в DMZ, если один пользователь входит в систему через WINSCP, другой пользователь не может войти в систему.

SSHD Config

Добро пожаловать в Ubuntu 16.04. 3 LTS (GNU / Linux 4.4.0-112-generic x86_64)

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel VERBOSE

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

Я могу опубликовать дополнительную информацию, если это необходимо, просто не знаю, с чего начать, я думаю, что это то, что, возможно, было сделано на уровне пользователя или группы, но я не знаю, где внести соответствующие изменения.

EDIT- При попытке подключения к WINSCP я могу подключаться только к одному пользователю за раз, я не могу подключиться к нескольким пользователям , Я добавил maxstartup 500 в sshd _config. Я перезапустил службу, и проблема все еще существует. Любая помощь будет принята с благодарностью, спасибо

Question 2

man sshd_config задает два соответствующих параметра: MaxSessions и MaxStartups

 MaxSessions
         Specifies the maximum number of open shell, login or subsystem
         (e.g. sftp) sessions permitted per network connection.  Multiple
         sessions may be established by clients that support connection
         multiplexing.  Setting MaxSessions to 1 will effectively disable
         session multiplexing, whereas setting it to 0 will prevent all
         shell, login and subsystem sessions while still permitting
         forwarding.  The default is 10.

 MaxStartups
         Specifies the maximum number of concurrent unauthenticated
         connections to the SSH daemon.  Additional connections will be
         dropped until authentication succeeds or the LoginGraceTime
         expires for a connection.  The default is 10:30:100.

         Alternatively, random early drop can be enabled by specifying the
         three colon separated values “start:rate:full” (e.g. "10:30:60").
         sshd(8) will refuse connection attempts with a probability of
         “rate/100” (30%) if there are currently “start” (10)
         unauthenticated connections.  The probability increases linearly
         and all connection attempts are refused if the number of
         unauthenticated connections reaches “full” (60).

Question 3

Question 4

man sshd_config задает два соответствующих параметра: MaxSessions и MaxStartups

 MaxSessions
         Specifies the maximum number of open shell, login or subsystem
         (e.g. sftp) sessions permitted per network connection.  Multiple
         sessions may be established by clients that support connection
         multiplexing.  Setting MaxSessions to 1 will effectively disable
         session multiplexing, whereas setting it to 0 will prevent all
         shell, login and subsystem sessions while still permitting
         forwarding.  The default is 10.

 MaxStartups
         Specifies the maximum number of concurrent unauthenticated
         connections to the SSH daemon.  Additional connections will be
         dropped until authentication succeeds or the LoginGraceTime
         expires for a connection.  The default is 10:30:100.

         Alternatively, random early drop can be enabled by specifying the
         three colon separated values “start:rate:full” (e.g. "10:30:60").
         sshd(8) will refuse connection attempts with a probability of
         “rate/100” (30%) if there are currently “start” (10)
         unauthenticated connections.  The probability increases linearly
         and all connection attempts are refused if the number of
         unauthenticated connections reaches “full” (60).

Yaron · Answer 1 · 17 July 2018 в 21:49

man sshd_config задает два соответствующих параметра: MaxSessions и MaxStartups

 MaxSessions
         Specifies the maximum number of open shell, login or subsystem
         (e.g. sftp) sessions permitted per network connection.  Multiple
         sessions may be established by clients that support connection
         multiplexing.  Setting MaxSessions to 1 will effectively disable
         session multiplexing, whereas setting it to 0 will prevent all
         shell, login and subsystem sessions while still permitting
         forwarding.  The default is 10.

 MaxStartups
         Specifies the maximum number of concurrent unauthenticated
         connections to the SSH daemon.  Additional connections will be
         dropped until authentication succeeds or the LoginGraceTime
         expires for a connection.  The default is 10:30:100.

         Alternatively, random early drop can be enabled by specifying the
         three colon separated values “start:rate:full” (e.g. "10:30:60").
         sshd(8) will refuse connection attempts with a probability of
         “rate/100” (30%) if there are currently “start” (10)
         unauthenticated connections.  The probability increases linearly
         and all connection attempts are refused if the number of
         unauthenticated connections reaches “full” (60).

Yaron · Answer 2 · 23 July 2018 в 22:27

man sshd_config задает два соответствующих параметра: MaxSessions и MaxStartups

 MaxSessions
         Specifies the maximum number of open shell, login or subsystem
         (e.g. sftp) sessions permitted per network connection.  Multiple
         sessions may be established by clients that support connection
         multiplexing.  Setting MaxSessions to 1 will effectively disable
         session multiplexing, whereas setting it to 0 will prevent all
         shell, login and subsystem sessions while still permitting
         forwarding.  The default is 10.

 MaxStartups
         Specifies the maximum number of concurrent unauthenticated
         connections to the SSH daemon.  Additional connections will be
         dropped until authentication succeeds or the LoginGraceTime
         expires for a connection.  The default is 10:30:100.

         Alternatively, random early drop can be enabled by specifying the
         three colon separated values “start:rate:full” (e.g. "10:30:60").
         sshd(8) will refuse connection attempts with a probability of
         “rate/100” (30%) if there are currently “start” (10)
         unauthenticated connections.  The probability increases linearly
         and all connection attempts are refused if the number of
         unauthenticated connections reaches “full” (60).

Я видел это, поскольку MaxSessions не находится в sshd_config, а Max Startups - # out. Есть ли по умолчанию это запрос, или мне нужно добавить их, чтобы он работал правильно? Я просто смущен относительно того, что это означает, когда строка не добавляется в сравнении с комментариями? Также спасибо за помощь! — shiver_me_timbers, 31 January 2018 в 20:03
Также следует добавить как Max Sessions, так и Max Startups, и при этом мне нужно добавить любые другие строки, чтобы позволить каждому из них функционировать должным образом? — shiver_me_timbers, 31 January 2018 в 21:22

Не удается получить одновременное использование пользователей SFTP для входа в систему

2 ответа

Другие вопросы по тегам:

Похожие вопросы: