I was able to confirm this behavior is present on plucky, but not
oracular.
I created a new LXD container, and ran:
$ echo "PerSourceMaxStartups 3" >> /etc/ssh/sshd_config.d/per-source-
max-startups.conf
Then I added a key to authorized_keys etc, and then made 4 connection
attempts from my host to the container. On the 4th attempt, the
connection failed. In the container, I saw:
$ journalctl -u ssh -b
May 02 19:03:12 p systemd[1]: Starting ssh.service - OpenBSD Secure Shell
server...
May 02 19:03:12 p sshd[483]: Server listening on 0.0.0.0 port 22.
May 02 19:03:12 p sshd[483]: Server listening on :: port 22.
May 02 19:03:12 p systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 02 19:03:16 p sshd-session[504]: Accepted publickey for ubuntu from
10.19.111.1 port 50302 ssh2: RSA
SHA256:VMGz6tsZ02V9ratWlExePp9LaOe2qIr7SiWLHP2aGrM
May 02 19:03:16 p sshd-session[504]: pam_unix(sshd:session): session opened for
user ubuntu(uid=1000) by ubuntu(uid=0)
May 02 19:03:18 p sshd-session[589]: Accepted publickey for ubuntu from
10.19.111.1 port 48300 ssh2: RSA
SHA256:VMGz6tsZ02V9ratWlExePp9LaOe2qIr7SiWLHP2aGrM
May 02 19:03:18 p sshd-session[589]: pam_unix(sshd:session): session opened for
user ubuntu(uid=1000) by ubuntu(uid=0)
May 02 19:03:21 p sshd-session[649]: Accepted publickey for ubuntu from
10.19.111.1 port 48308 ssh2: RSA
SHA256:VMGz6tsZ02V9ratWlExePp9LaOe2qIr7SiWLHP2aGrM
May 02 19:03:21 p sshd-session[649]: pam_unix(sshd:session): session opened for
user ubuntu(uid=1000) by ubuntu(uid=0)
May 02 19:03:24 p sshd[483]: error: beginning MaxStartups throttling
May 02 19:03:24 p sshd[483]: drop connection #0 from [10.19.111.1]:48320 on
[10.19.111.16]:22 past Maxstartups
May 02 19:09:07 p sshd[483]: error: in MaxStartups throttling for 00:05:43, 3
connections dropped
May 02 19:09:07 p sshd[483]: drop connection #0 from [10.19.111.1]:39950 on
[10.19.111.16]:22 past Maxstartups
** Changed in: openssh (Ubuntu)
Status: New => Confirmed
** Changed in: openssh (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2109831
Title:
PerSourceMaxStartups setting now preventing all ssh access
Status in openssh package in Ubuntu:
Confirmed
Bug description:
I used to have "PerSourceMaxStartups 3" as a setting in a config file
in /etc/ssh/sshd_config.d
However, after the upgrade to Plucky this eventually prevents ALL ssh
access to the system.
It seems to allow 3 connexions, then denies all access until the ssh
server is restarted.
It was fine in Oracular.
ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: openssh-server 1:9.9p1-3ubuntu3.1
ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
Uname: Linux 6.14.0-15-generic x86_64
ApportVersion: 2.32.0-0ubuntu5
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
Date: Fri May 2 11:36:02 2025
InstallationDate: Installed on 2024-10-12 (202 days ago)
InstallationMedia: Kubuntu 24.10 "Oracular Oriole" - Release amd64
(20241007.6)
SourcePackage: openssh
UpgradeStatus: Upgraded to plucky on 2025-04-26 (5 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2109831/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
