Discussion:
sshd - limiting sequential no. or files opened via sftp in kate?
(too old to reply)
David C. Rankin
2018-06-07 06:44:37 UTC
Permalink
All,

Not sure where to look for this. I have always kept kate projects different
things like, different application development, different web-site editing,
etc... Many of the projects I keep on my Arch server and have kate open the
files via the sftp kioslave (or whatever it is called now)

For some reason, now when I open remote projects on the server, the first 15
or so files open without issue. Anything over that fails with a connection
error and the files are opened as "Untitled" and are empty (simply pressing
"Reload" completes the opening without issue), but that has to occur after
kate is open, and not when the project is attempting to load the files
sequentially all at once.

The journal shows no error, just the normal sshd key authorization, etc. as
session through (c17) are opened, e.g.

Jun 07 01:29:04 valkyrie sshd[9269]: Accepted publickey for david from
192.168.6.104 port 56170 ssh2: ECDSA
SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ
Jun 07 01:29:04 valkyrie sshd[9268]: Accepted publickey for david from
192.168.6.104 port 56168 ssh2: ECDSA
SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ
Jun 07 01:29:04 valkyrie sshd[9269]: pam_unix(sshd:session): session opened
for user david by (uid=0)
Jun 07 01:29:04 valkyrie sshd[9268]: pam_unix(sshd:session): session opened
for user david by (uid=0)
Jun 07 01:29:04 valkyrie systemd-logind[539]: New session c5 of user david.
Jun 07 01:29:04 valkyrie systemd[1]: Started Session c5 of user david.
Jun 07 01:29:04 valkyrie systemd-logind[539]: New session c6 of user david.
Jun 07 01:29:04 valkyrie systemd[1]: Started Session c6 of user david.
Jun 07 01:29:05 valkyrie sshd[9274]: userauth_pubkey: key type ssh-dss not in
PubkeyAcceptedKeyTypes [preauth]
Jun 07 01:29:05 valkyrie sshd[9275]: userauth_pubkey: key type ssh-dss not in
PubkeyAcceptedKeyTypes [preauth]
Jun 07 01:29:05 valkyrie sshd[9272]: userauth_pubkey: key type ssh-dss not in
PubkeyAcceptedKeyTypes [preauth]
Jun 07 01:29:05 valkyrie sshd[9274]: Accepted publickey for david from
192.168.6.104 port 56174 ssh2: ECDSA
SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ
Jun 07 01:29:05 valkyrie sshd[9274]: pam_unix(sshd:session): session opened
for user david by (uid=0)
Jun 07 01:29:05 valkyrie systemd-logind[539]: New session c7 of user david.
Jun 07 01:29:05 valkyrie systemd[1]: Started Session c7 of user david.
...

I don't see any failures at all in the logs, which I would expect given the
connection failure. Any ideas on what could be causing this?

I don't any longer, but there were times in the past I would have 120 files
in a project and had no problems at all opening the project either across the
LAN or remotes via the internet on my office server. So this seems like it is
some protection designed to prevent hackers from hammering your server with
ssh requests -- but it seems like it is having the side effect of preventing
me from loading projects with more than say 20 files via sftp.
--
David C. Rankin, J.D.,P.E.
Nero Claudius Drusus via arch-general
2018-06-07 13:03:02 UTC
Permalink
Could it be that you have run out of inotify watches? Try increasing it and
see if that helps.

On Thu, Jun 7, 2018, 12:44 AM David C. Rankin <
Post by David C. Rankin
All,
Not sure where to look for this. I have always kept kate projects different
things like, different application development, different web-site editing,
etc... Many of the projects I keep on my Arch server and have kate open the
files via the sftp kioslave (or whatever it is called now)
For some reason, now when I open remote projects on the server, the first 15
or so files open without issue. Anything over that fails with a connection
error and the files are opened as "Untitled" and are empty (simply pressing
"Reload" completes the opening without issue), but that has to occur after
kate is open, and not when the project is attempting to load the files
sequentially all at once.
The journal shows no error, just the normal sshd key authorization, etc. as
session through (c17) are opened, e.g.
Jun 07 01:29:04 valkyrie sshd[9269]: Accepted publickey for david from
192.168.6.104 port 56170 ssh2: ECDSA
SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ
Jun 07 01:29:04 valkyrie sshd[9268]: Accepted publickey for david from
192.168.6.104 port 56168 ssh2: ECDSA
SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ
Jun 07 01:29:04 valkyrie sshd[9269]: pam_unix(sshd:session): session opened
for user david by (uid=0)
Jun 07 01:29:04 valkyrie sshd[9268]: pam_unix(sshd:session): session opened
for user david by (uid=0)
Jun 07 01:29:04 valkyrie systemd-logind[539]: New session c5 of user david.
Jun 07 01:29:04 valkyrie systemd[1]: Started Session c5 of user david.
Jun 07 01:29:04 valkyrie systemd-logind[539]: New session c6 of user david.
Jun 07 01:29:04 valkyrie systemd[1]: Started Session c6 of user david.
Jun 07 01:29:05 valkyrie sshd[9274]: userauth_pubkey: key type ssh-dss not in
PubkeyAcceptedKeyTypes [preauth]
Jun 07 01:29:05 valkyrie sshd[9275]: userauth_pubkey: key type ssh-dss not in
PubkeyAcceptedKeyTypes [preauth]
Jun 07 01:29:05 valkyrie sshd[9272]: userauth_pubkey: key type ssh-dss not in
PubkeyAcceptedKeyTypes [preauth]
Jun 07 01:29:05 valkyrie sshd[9274]: Accepted publickey for david from
192.168.6.104 port 56174 ssh2: ECDSA
SHA256:97TPKWvaGks+sjneobeoY9RpK1Hznnh8xJCjbcAWrkQ
Jun 07 01:29:05 valkyrie sshd[9274]: pam_unix(sshd:session): session opened
for user david by (uid=0)
Jun 07 01:29:05 valkyrie systemd-logind[539]: New session c7 of user david.
Jun 07 01:29:05 valkyrie systemd[1]: Started Session c7 of user david.
...
I don't see any failures at all in the logs, which I would expect given the
connection failure. Any ideas on what could be causing this?
I don't any longer, but there were times in the past I would have 120 files
in a project and had no problems at all opening the project either across the
LAN or remotes via the internet on my office server. So this seems like it is
some protection designed to prevent hackers from hammering your server with
ssh requests -- but it seems like it is having the side effect of preventing
me from loading projects with more than say 20 files via sftp.
--
David C. Rankin, J.D.,P.E.
David C. Rankin
2018-06-08 09:02:04 UTC
Permalink
[long email, so top-posting]
MaxSessions and MaxStartups in /etc/ssh/sshd_config?
Cheers,
L.
You are brilliant, it ended up being MaxStartups, added 20 to the default, e.g.

#MaxStartups 10:30:100
MaxStartups 30:50:100

And all files opened just fine. I tried increasing MaxSessions first -- no help.

Ralph, thanks, I too have:

# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server

It looks like MaxStartups was the setting at issue. I'm glad it is there (I
haven't had any huge kate project since 2012/13) It just caught me a bit by
surprise when I opened an old web-site project with 34 files in it.
--
David C. Rankin, J.D.,P.E.
Ralph Corderoy
2018-06-08 06:01:58 UTC
Permalink
Hi David,
kate open the files via the sftp kioslave (or whatever it is called
now)
For some reason, now when I open remote projects on the server, the
first 15 or so files open without issue. Anything over that fails
with a connection error
MaxSessions and MaxStartups in /etc/ssh/sshd_config?
Also, check what Kate is really using, i.e. if it is sftp(1) then
examine sshd_config(5) for `Subsystem' to see if an external server is
being used, here it's

# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server

and then try sftp-server(8)'s `-l' to gain more logging.
--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy
Loading...