| author | Hans Nilsson <[email protected]> | 2014-04-23 21:45:27 +0200 | 
|---|---|---|
| committer | Hans Nilsson <[email protected]> | 2014-04-24 15:14:06 +0200 | 
| commit | 1700332e03168d577eb64b93fcae876a6ad9db3d (patch) | |
| tree | aaa215ffd1646feea250d20e8a8807b26ffde705 /lib/ssh/doc | |
| parent | 81ecc6da697a6d38cf207b48616cb298146641f9 (diff) | |
| download | otp-1700332e03168d577eb64b93fcae876a6ad9db3d.tar.gz otp-1700332e03168d577eb64b93fcae876a6ad9db3d.tar.bz2 otp-1700332e03168d577eb64b93fcae876a6ad9db3d.zip | |
ssh: Add max_session parameter to ssh:daemon
Diffstat (limited to 'lib/ssh/doc')
| -rw-r--r-- | lib/ssh/doc/src/ssh.xml | 21 | 
1 files changed, 17 insertions, 4 deletions
| diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 7fbd70c87e..57aab09cc6 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml 
@@ -307,18 +307,31 @@  	  <tag><c><![CDATA[{negotiation_timeout, integer()}]]></c></tag>  	  <item> -	    <p>Max time in milliseconds for the authentication negotiation.  The default value is 2 minutes. +	    <p>Max time in milliseconds for the authentication negotiation.  The default value is 2 minutes. If the client fails to login within this time, the connection is closed. +	    </p> +	  </item> + +	  <tag><c><![CDATA[{max_sessions, pos_integer()}]]></c></tag> +	  <item> +	    <p>The maximum number of simultaneous sessions that are accepted at any time for this daemon.  This includes sessions that are being authorized.  So if set to <c>N</c>, and <c>N</c> clients have connected but not started the login process, the <c>N+1</c> connection attempt will be aborted.  If <c>N</c> connections are authenticated and still logged in, no more loggins will be accepted until one of the existing ones log out. +	    </p> +	    <p>The counter is per listening port, so if two daemons are started, one with <c>{max_sessions,N}</c> and the other with <c>{max_sessions,M}</c> there will be in total <c>N+M</c> connections accepted for the whole ssh server. +	    </p> +	    <p>Note that if <c>parallel_login</c> is <c>false</c>, only one client at a time may be in the authentication phase. +	    </p> +	    <p>As default, the option is not set. This means that the number is not limited.  	    </p>  	  </item>  	  <tag><c><![CDATA[{parallel_login, boolean()}]]></c></tag>  	  <item> -	    <p>If set to false (the default value), only one login is handled a time.  If set to true, an unlimited logins will be allowed simultanously. Note that this affects only the connections with authentication in progress, not the already authenticated connections. +	    <p>If set to false (the default value), only one login is handled a time.  If set to true, an unlimited number of login attempts will be allowed simultanously. 
+	    </p> +	    <p>If the <c>max_sessions</c> option is set to <c>N</c> and <c>parallel_login</c> is set to <c>true</c>, the max number of simultaneous login attempts at any time is limited to <c>N-K</c> where <c>K</c> is the number of authenticated connections present at this daemon.  	    </p>  	    <warning> -	      <p>Do not enable parallel_logins without protecting the server by other means like a firewall. If set to true, there is no protection against dos attacs.</p> +	      <p>Do not enable <c>parallel_logins</c> without protecting the server by other means, for example the <c>max_sessions</c> option or a firewall configuration. If set to <c>true</c>, there is no protection against DOS attacks.</p>  	    </warning> -  	  </item>  	  <tag><c><![CDATA[{key_cb, atom()}]]></c></tag> | 
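Review bot: In the `parallel_login` warning the option is written `<c>parallel_logins</c>`, but the tag above it declares `{parallel_login, boolean()}`; use the declared name so that a reader copying it from the warning gets a valid option. The same warning still ends with "If set to true, there is no protection against DOS attacks" right after naming `max_sessions` as a protection, while the new `max_sessions` item says the option is unset (unlimited) by default, so it would read more accurately as "no protection unless `max_sessions` or a firewall rule is configured". Because the `max_sessions` count includes connections that have not started the login process, the item could also refer to `negotiation_timeout`, which the first changed paragraph describes as closing a connection when the client fails to log in within that time, so the reader sees what frees those slots. Spelling and grammar in the added lines: "loggins", "simultanously", "handled a time", "until one of the existing ones log out", and "DOS" for "DoS". The commit subject names the option `max_session`, whereas the documentation adds `max_sessions`.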
