Profile Applicability:
 • Level 1

Description:
 The MaxSessions option in the SSH daemon (sshd) configuration limits the number of open sessions permitted per network connection. Proper configuration helps prevent resource exhaustion and potential denial-of-service attacks.

Rationale:
 Limiting the number of sessions per connection controls resource usage, enhancing system stability and security.

Impact:
 Pros:

  • Prevents excessive resource consumption by limiting concurrent sessions.

  • Reduces risk of denial-of-service conditions.

 Cons:

  • May impact legitimate users requiring multiple sessions over a single connection.

Default Value:
 Defaults vary; some SSH versions allow unlimited sessions unless specified.

Pre-requisites:

  • Root or sudo privileges to modify SSH daemon configuration.

Remediation:

Test Plan:

Using Linux command line:

Check current MaxSessions setting in /etc/ssh/sshd_config:

grep -Ei '^[[:space:]]*MaxSessions' /etc/ssh/sshd_config

Verify the configured value.

Implementation Plan:

Using Linux command line:

Edit /etc/ssh/sshd_config:

vi /etc/ssh/sshd_config

Add or update the MaxSessions directive, for example:

MaxSessions 10

Save the file and restart sshd:

systemctl restart sshd

Confirm the setting:

grep -Ei '^[[:space:]]*MaxSessions' /etc/ssh/sshd_config
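
The check above, as an added example that is not part of the original benchmark text: it reports the value sshd would take from the global section of a config file, accounting for first-value-wins, case-insensitive keywords and Match blocks. The function names, the limit argument and the sample file are assumptions made for illustration, and Include files are not followed.

```shell
#!/usr/bin/env bash
# Added example. sshd keeps the FIRST value it reads for a keyword, keywords
# are case-insensitive, and lines after a "Match" line apply conditionally.

# effective_maxsessions FILE: print the first global MaxSessions value.
effective_maxsessions() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }        # ignore indentation
        line == "" || line ~ /^#/      { next }
        tolower(line) ~ /^match[ \t]/  { exit }        # global section ends
        tolower(line) ~ /^maxsessions[ \t=]/ {
            sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", line)   # drop the keyword
            split(line, field, /[ \t]+/)
            print field[1]; exit                       # first value wins
        }
    ' "$1"
}

# audit_maxsessions FILE LIMIT
# returns 0 = set and <= LIMIT, 1 = above LIMIT or not a number,
#         2 = not set globally (the daemon default applies)
audit_maxsessions() {
    local value
    value=$(effective_maxsessions "$1")
    if [ -z "$value" ]; then
        echo "UNSET: no global MaxSessions in $1"; return 2
    fi
    case "$value" in
        *[!0-9]*) echo "FAIL: non-numeric MaxSessions '$value'"; return 1 ;;
    esac
    if [ "$value" -le "$2" ]; then
        echo "PASS: MaxSessions $value (limit $2)"; return 0
    fi
    echo "FAIL: MaxSessions $value exceeds limit $2"; return 1
}

# Constructed sample: the effective line is lower case and indented, so
# "grep ^MaxSessions" would show only the later, ignored "MaxSessions 10".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
  maxsessions 25
MaxSessions 10
Match User backup
    MaxSessions 2
EOF
audit_maxsessions "$sample" 10 || echo "audit exit status: $?"
```

On a live host, sshd -t validates the edited file before the restart, and sshd -T prints the effective configuration, including values pulled in through Include files.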

Backout Plan:

Using Linux command line:

  1. Revert to previous MaxSessions value if necessary.

  2. Restart sshd and verify usability.

References: