containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

Increase max ssh connections on podman machine #23920

Open wbrefvem opened 2 months ago

wbrefvem commented 2 months ago

Feature request description

Currently, podman machine uses the default 10 max ssh connections, which causes errors in situations like the one described here: https://github.com/kubernetes-sigs/kind/issues/3742 .

Suggest potential solution

Manually increasing the max connections through MaxSessions and MaxStartups in an sshd config works, so automatically increasing it when creating the podman machine should be a straightforward approach.

baude commented 1 month ago

@jakecorrenti you were sort of most recent to mess with the SSH code, what do you think here?

jakecorrenti commented 1 month ago

If I'm understanding this correctly, it's a matter of changing the /etc/ssh/sshd_config file in the guest?

If this is something we want to support I could see it looking like podman machine init --max-ssh-sessions or podman machine set --max-ssh-sessions. We could even just have some documentation about how to do this manually.

I don't know enough about this to determine if there are any security or performance implications that we need to be concerned about.

Luap99 commented 1 month ago

I don't think it must be configurable, given we only allow access from localhost anyway I see no real risk or performance problems here.

The question is more what limit do we want to set? 1000, more, less...?

I am not sure what the exact limit is set to. I was able to run more than 10 podman-remote processes concurrently, but it started to fail when going towards 100, so I can reproduce, but the question is what is reasonable?

jakecorrenti commented 1 month ago

I think answering "what is reasonable" is difficult. There's always going to be a user that isn't satisfied with the default we choose.

This is the first time I've seen an issue come up with this, so I'm leaning towards leaving the sshd config as is. We can always direct the user on how to change the sshd config or we can add some documentation.

@Luap99 @baude wdyt

Luap99 commented 1 month ago

> This is the first time I've seen an issue come up with this, so I'm leaning towards leaving the sshd config as is. We can always direct the user on how to change the sshd config or we can add some documentation

Sure but there is always a first time for any problem/bug. I don't see any negatives by increasing the limits. From limited testing after a certain point connections are "randomly dropped" (i.e. there doesn't seem to be a fixed number after which it starts failing) which is very hard for users to debug or understand and that just leads to a lot of wasted debugging time on all sides (even for us when they report bugs).

As such I think having a higher limit is a positive thing. Another alternative could be to switch the remote client with machine over to use the exposed API unix socket and use a ssh connection per cli command.
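Added example, not part of the thread or of Podman's code: the "randomly dropped" connections described above are consistent with OpenSSH's documented `MaxStartups start:rate:full` random early drop (default `10:30:100`). This simplified model assumes every connection in a burst arrives before any has authenticated; the function names are hypothetical and the guest is assumed to run the OpenSSH default.

```python
import random

def parse_max_startups(value):
    """Parse an sshd_config MaxStartups value: 'N' or 'start:rate:full'."""
    parts = [int(p) for p in value.split(":")]
    if len(parts) == 1:
        # A single number is a hard limit with no probabilistic range.
        return parts[0], 100, parts[0]
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full")
    start, rate, full = parts
    if not (0 < start <= full and 1 <= rate <= 100):
        raise ValueError("invalid MaxStartups value")
    return start, rate, full

def drop_percent(unauthenticated, start, rate, full):
    """Chance (0-100) that sshd refuses a new connection, given the
    number of connections that have not yet authenticated."""
    if unauthenticated < start:
        return 0
    if unauthenticated >= full or rate == 100:
        return 100
    # Rises linearly from rate% at 'start' to 100% at 'full'.
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)

def simulate_burst(attempts, max_startups, seed=0):
    """Return how many of 'attempts' simultaneous connections are accepted
    (modelling assumption: none authenticates during the burst)."""
    start, rate, full = parse_max_startups(max_startups)
    rng = random.Random(seed)
    pending = 0
    for _ in range(attempts):
        if rng.randrange(100) >= drop_percent(pending, start, rate, full):
            pending += 1
    return pending

if __name__ == "__main__":
    for pending in (9, 10, 55, 99, 100):
        print(pending, "pending ->", drop_percent(pending, 10, 30, 100), "% dropped")
    # Constructed burst sizes; "1000" is one of the limits floated in the thread.
    for burst in (10, 50, 200):
        print(burst, "attempts:",
              simulate_burst(burst, "10:30:100"), "accepted by default,",
              simulate_burst(burst, "1000"), "accepted with MaxStartups 1000")
```

`MaxSessions` is a separate limit on multiplexed sessions within one connection and is not modelled here.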

github-actions[bot] commented 2 weeks ago

A friendly reminder that this issue had no activity for 30 days.