Make the maximum number of sessions run-time controllable via

a sshd_config MaxSessions knob. This is useful for disabling
login/shell/subsystem access while leaving port-forwarding working
(MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
simply increasing the number of allows multiplexed sessions.

Because some bozos are sure to configure MaxSessions in excess of the
number of available file descriptors in sshd (which, at peak, might be
as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
on error paths, and make it fail gracefully on out-of-fd conditions -
sending channel errors instead of than exiting with fatal().

bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com

ok markus@

1 files changed, 2 insertions, 1 deletions

diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config
index eeca08087a9..8dea49e8bb3 100644
--- a/usr.bin/ssh/sshd_config
+++ b/usr.bin/ssh/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.78 2008/05/07 06:43:35 pyr Exp $
+#	$OpenBSD: sshd_config,v 1.79 2008/05/08 12:21:16 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -39,6 +39,7 @@ Protocol 2
 #PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
+#MaxSessions 10
 
 #RSAAuthentication yes
 #PubkeyAuthentication yes