Is it possible to increase TCP listen backlog for sshd?
Environment
- Red Hat Enterprise Linux 6, 7, 8, 9
- openssh-server
Issue
- Is it possible to increase TCP listen backlog for sshd?
Resolution
- No. The backlog argument passed to listen() is a hardcoded value defined by the macro SSH_LISTEN_BACKLOG (128), so it cannot be changed through sshd configuration.
openssh-8.7p1-10.el9_0(RHEL9)/sshd.c:

static void
listen_on_addrs(struct listenaddr *la)
{
...
        /* Start listening on the port. */
        if (listen(listen_sock, SSH_LISTEN_BACKLOG) == -1)
            fatal("listen on [%s]:%s: %.100s",
                ntop, strport, strerror(errno));
        logit("Server listening on %s port %s%s%s.",
            ntop, strport,
            la->rdomain == NULL ? "" : " rdomain ",
            la->rdomain == NULL ? "" : la->rdomain);
    }
}
openssh-8.7p1-10.el9_0(RHEL9)/ssh.h:

/* Listen backlog for sshd, ssh-agent and forwarding sockets */
#define SSH_LISTEN_BACKLOG 128
Diagnostic Steps
# ss -npl src :22
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=722,fd=3))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=722,fd=4))

# sysctl net.core.somaxconn
net.core.somaxconn = 4096

For a listening socket, ss reports the configured backlog in the Send-Q column (128 here) and the number of connections currently waiting in the accept queue in Recv-Q. Raising net.core.somaxconn does not help: the kernel caps the backlog requested by listen() at somaxconn, so the effective queue length is min(SSH_LISTEN_BACKLOG, somaxconn), which stays at 128 no matter how high somaxconn is set.
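The diagnostic output above, read together with the Resolution, is what a monitoring check would parse. The bash helper below is an added example and not part of the Red Hat article: it takes `ss -npl`-style output (a constructed sample mimicking the listing above, with one socket's Recv-Q raised to 120) plus the somaxconn value, computes the effective backlog as min(Send-Q, somaxconn), and flags listeners whose accept queue is at or above 80% of it; the 80% threshold is an arbitrary choice.

```bash
#!/bin/bash
# Added example (not from the Red Hat article): judge how full an sshd
# listener's accept queue is, given the fixed SSH_LISTEN_BACKLOG of 128.

# Constructed sample in the column layout of `ss -npl` (Netid column first).
# The second line has Recv-Q raised to 120 to show a nearly full queue.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=722,fd=3))
tcp   LISTEN 120    128    [::]:22            [::]:*            users:(("sshd",pid=722,fd=4))'

# effective_backlog REQUESTED SOMAXCONN
# The kernel silently caps listen()'s backlog at net.core.somaxconn,
# so the queue sshd actually gets is the smaller of the two values.
effective_backlog() {
    if [ "$1" -lt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# accept_queue_status SS_OUTPUT SOMAXCONN
# For every LISTEN line prints: local-address effective-backlog recv-q status
# status is SATURATING when Recv-Q is at or above 80% of the effective
# backlog (threshold chosen for this example), otherwise ok.
accept_queue_status() {
    printf '%s\n' "$1" | awk -v somax="$2" '
        $2 == "LISTEN" {
            backlog = ($4 < somax) ? $4 : somax
            pct = (backlog > 0) ? int($3 * 100 / backlog) : 0
            status = (pct >= 80) ? "SATURATING" : "ok"
            print $5, backlog, $3, status
        }'
}

# Stand-alone demonstration on the constructed sample with somaxconn=4096:
# the effective backlog is still 128, and the [::]:22 listener is flagged.
accept_queue_status "$SAMPLE_SS" 4096
```

Run against the live system with `accept_queue_status "$(ss -npl src :22)" "$(sysctl -n net.core.somaxconn)"`; a growing TcpExtListenOverflows counter in `nstat -az` confirms that connections were actually dropped because the queue was full.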
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.