On Fri, Jun 16, 2006 at 09:52:05AM -0700, Rich Turner wrote: > This seems to be working just fine. Thanks for the help. > > I must admit I am not that verse with C programming. Can you tell me what I > just did by commenting out "m_close(svr_ses.childpipe)" in svr-auth.c. I > would like to know what I did so that if something odd happens I may be able > to relate it to the change I made.
Whenever the listening Dropbear process accepts a new incoming connection, it forks off a separate child process to handle it. A pipe is kept open between the listening process and the child process, which is used to indicate whether authentication has occurred. When the child session has been authenticated, it closes the pipe and the main listener can then keep count of how many unauthenticated sessions exist at a point in time. By commenting out that line, the listening process won't ever recognise the process as "authenticated", except until the child session exits and the pipe is closed. It will apply the "unauthenticated connection limit" to all processes regardless of their state. Past that limit it will simply close connections immediately. > Also, the error message that I receive when a second client attempts to > connect is "dbclient: connection to [EMAIL PROTECTED]:22 exited: Failed to > get > remote version". I would prefer that the error message indicate that I have > exceeded the maximum number of concurrent connections. I have found in > common.session.c where I can change the text, but I do not want to change it > if this would be a valid error for another reason other than maximum > connections exceeding. Under what circumstances would I get this error? The current error message is somewhat misleading. It basically happens any time there's a connection failure in the earliest part of the session setup. In this case, the server is closing the connection immediately (since that's most appropriate for closing pre-auth connections). Something like "Remote host closed the connection" is probably more appropriate. To send a specific "connection limit exceeded" type message the server would have to send a more useful disconnect message, though Dropbear is currently a bit lacking in that area - it's on the todo list. Matt