Hi, My colleague Thomas noticed some unexpected behaviour in recent dropbear versions. It unexpectedly limits concurrent logins, apparently to MAX_UNAUTH_CLIENTS.
I expected that setting to limit how many pre-authorisation clients can connect, but have no effect on the number of authorised clients. That's how versions dropbear prior to c7b7c9a99 behave. I checked the mailing list archives back to January. Nothing. Steps to reproduce on a normal x86 debian box below. Matt ---------------------------------------------------------------------- 0. Perfectly normal x86 linux box, not some weird embedded system uname -a Linux hec 5.17.0-1-amd64 #1 SMP PREEMPT Debian 5.17.3-1 (2022-04-18) x86_64 GNU/Linux 1. Build c7b7c9a99 with this in localoptions.h: #define MAX_UNAUTH_CLIENTS 2 make clean && ./configure && make 2. Set up key file and start SSH server ./dropbearkey -t rsa -f rsa_host_key sudo ./dropbear -E -p 8000 -F -r ./rsa_host_key 3. Test having three parallel SSH sessions open: ssh -p 8000 127.0.0.1 // in one xterm. works. ssh -p 8000 127.0.0.1 // in a second xterm. also works. ssh -p 8000 127.0.0.1 // fails kex_exchange_identification: Connection closed by remote host 4. Rebuild with ebb4018889 make clean && ./configure && make Retry step 3. Now it works fine. (5. Rebuild c7b7c9a99 with #define DROPBEAR_REEXEC 0. Also works fine. So it looks like REEXEC is doing something something different with either file descriptors or a count of the connections.) ---------------------------------------------------------------------- --eot--