Commit d85a6b95 authored by Evan Read's avatar Evan Read

Merge branch 'patch-67' into 'master'

Improve MaxStartups SSH settings

Closes #20445 and omnibus-gitlab#1606

See merge request gitlab-org/gitlab!25292
parents 892f68dd bdf899bb
...@@ -101,19 +101,38 @@ ssh_exchange_identification: read: Connection reset by peer ...@@ -101,19 +101,38 @@ ssh_exchange_identification: read: Connection reset by peer
fatal: Could not read from remote repository. fatal: Could not read from remote repository.
``` ```
or
```text
ssh_exchange_identification: Connection closed by remote host
fatal: The remote end hung up unexpectedly
```
This error usually indicates that SSH daemon's `MaxStartups` value is throttling This error usually indicates that SSH daemon's `MaxStartups` value is throttling
SSH connections. This setting specifies the maximum number of unauthenticated SSH connections. This setting specifies the maximum number of concurrent, unauthenticated
connections to the SSH daemon. This affects users with proper authentication connections to the SSH daemon. This affects users with proper authentication
credentials (SSH keys) because every connection is 'unauthenticated' in the credentials (SSH keys) because every connection is 'unauthenticated' in the
beginning. The default value is `10`. beginning. The default value is `10`.
Increase `MaxStartups` by adding or modifying the value in `/etc/ssh/sshd_config`: Increase `MaxStartups` on the GitLab server
by adding or modifying the value in `/etc/ssh/sshd_config`:
```text ```text
MaxStartups 100 MaxStartups 100:30:200
``` ```
Restart SSHD for the change to take effect. `100:30:200` means up to 100 SSH sessions are allowed without restriction,
after which 30% of connections will be dropped until reaching an absolute maximum of 200.
Once configured, restart the SSH daemon for the change to take effect.
```shell
# Debian/Ubuntu
sudo systemctl restart ssh
# CentOS/RHEL
sudo service sshd restart
```
## Timeout during `git push` / `git pull` ## Timeout during `git push` / `git pull`
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment