There are so many ssh connnection from one user.
104 views
Skip to first unread message
Yingchun Li
Dec 20, 2025, 5:36:34 AM12/20/25
to Repo and Gerrit Discussion
Hi,
Sometimes my server's performance is very low, and some user
can not fetch/pull from the server.
Using jstack dump the jvm found there are many connection from one
user, and that user may have a very low speed.
the jstack log:
"SSH git-upload-pack /project1/external_libexpat (user1)" #160 [3706215] prio=1 os_prio=0 cpu=216114.74ms elapsed=15791.07s tid=0x00007eec5c004790 nid=3706215 waiting on condition [0x00007eec86506000]
"SSH git-upload-pack /project1/external_mmc-utils (user1)" #161 [3706216] prio=1 os_prio=0 cpu=291370.43ms elapsed=15791.06s tid=0x00007eedc4a7c600 nid=3706216 in Object.wait() [0x00007eec86404000]
"SSH git-upload-pack /project1/docs (user1)" #162 [3706217] prio=1 os_prio=0 cpu=297365.27ms elapsed=15791.05s tid=0x00007eec68093fd0 nid=3706217 in Object.wait() [0x00007eec86303000]
"SSH git-upload-pack /project1/external_libtar (user1)" #163 [3706218] prio=1 os_prio=0 cpu=416909.27ms elapsed=15791.05s tid=0x00007eec5c00ad40 nid=3706218 in Object.wait() [0x00007eec86203000]
"SSH git-upload-pack /ai/tflite-micro (user1)" #167 [3706222] prio=1 os_prio=0 cpu=366387.97ms elapsed=15791.01s tid=0x00007eedc4f6e020 nid=3706222 in Object.wait() [0x00007eec85dfe000]
"SSH git-upload-pack /project1/external_opus (user1)" #168 [3706223] prio=1 os_prio=0 cpu=214341.44ms elapsed=15791.01s tid=0x00007eec6809a010 nid=3706223 in Object.wait() [0x00007eec85cfe000]
"SSH git-upload-pack /project1/external_freetype (user1)" #170 [3706224] prio=1 os_prio=0 cpu=235611.65ms elapsed=15790.94s tid=0x00007eec6809b110 nid=3706224 in Object.wait() [0x00007eec85bfc000]
"SSH git-upload-pack /project1/external_libdivide (user1)" #169 [3706225] prio=1 os_prio=0 cpu=251039.97ms elapsed=15790.94s tid=0x00007eec5c00d910 nid=3706225 waiting on condition [0x00007eec85afc000]
"SSH git-upload-pack /project1/apps_netutils_connectedhomeip (user1)" #172 [3706226] prio=1 os_prio=0 cpu=285726.37ms elapsed=15790.94s tid=0x00007eec680967c0 nid=3706226 in Object.wait() [0x00007eec859fa000]
"SSH git-upload-pack /project1/external_libssh (user1)" #171 [3706227] prio=1 os_prio=0 cpu=318538.30ms elapsed=15790.94s tid=0x00007eedc448f1b0 nid=3706227 in Object.wait() [0x00007eec858f9000]
"SSH git-upload-pack /project2/bthost-src (user1)" #173 [3706228] prio=1 os_prio=0 cpu=246767.14ms elapsed=15790.92s tid=0x00007eec68097d90 nid=3706228 in Object.wait() [0x00007eec857f8000]
"SSH git-upload-pack /project1/apps_graphics_lvgl (user1)" #174 [3706229] prio=1 os_prio=0 cpu=346675.95ms elapsed=15790.92s tid=0x00007eec5c00ef00 nid=3706229 in Object.wait() [0x00007eec856f7000]
"SSH git-upload-pack /project1/external_ldns (user1)" #175 [3706230] prio=1 os_prio=0 cpu=254600.28ms elapsed=15790.92s tid=0x00007eedc4490320 nid=3706230 in Object.wait() [0x00007eec855f6000]
"SSH git-upload-pack /project1/external_fluoride (user1)" #176 [3706231] prio=1 os_prio=0 cpu=292875.10ms elapsed=15790.92s tid=0x00007eec68099620 nid=3706231 in Object.wait() [0x00007eec854f5000]
"SSH git-upload-pack /project1/external_mmc-utils (user1)" #161 [3706216] prio=1 os_prio=0 cpu=291370.43ms elapsed=15791.06s tid=0x00007eedc4a7c600 nid=3706216 in Object.wait() [0x00007eec86404000]
"SSH git-upload-pack /project1/docs (user1)" #162 [3706217] prio=1 os_prio=0 cpu=297365.27ms elapsed=15791.05s tid=0x00007eec68093fd0 nid=3706217 in Object.wait() [0x00007eec86303000]
"SSH git-upload-pack /project1/external_libtar (user1)" #163 [3706218] prio=1 os_prio=0 cpu=416909.27ms elapsed=15791.05s tid=0x00007eec5c00ad40 nid=3706218 in Object.wait() [0x00007eec86203000]
"SSH git-upload-pack /ai/tflite-micro (user1)" #167 [3706222] prio=1 os_prio=0 cpu=366387.97ms elapsed=15791.01s tid=0x00007eedc4f6e020 nid=3706222 in Object.wait() [0x00007eec85dfe000]
"SSH git-upload-pack /project1/external_opus (user1)" #168 [3706223] prio=1 os_prio=0 cpu=214341.44ms elapsed=15791.01s tid=0x00007eec6809a010 nid=3706223 in Object.wait() [0x00007eec85cfe000]
"SSH git-upload-pack /project1/external_freetype (user1)" #170 [3706224] prio=1 os_prio=0 cpu=235611.65ms elapsed=15790.94s tid=0x00007eec6809b110 nid=3706224 in Object.wait() [0x00007eec85bfc000]
"SSH git-upload-pack /project1/external_libdivide (user1)" #169 [3706225] prio=1 os_prio=0 cpu=251039.97ms elapsed=15790.94s tid=0x00007eec5c00d910 nid=3706225 waiting on condition [0x00007eec85afc000]
"SSH git-upload-pack /project1/apps_netutils_connectedhomeip (user1)" #172 [3706226] prio=1 os_prio=0 cpu=285726.37ms elapsed=15790.94s tid=0x00007eec680967c0 nid=3706226 in Object.wait() [0x00007eec859fa000]
"SSH git-upload-pack /project1/external_libssh (user1)" #171 [3706227] prio=1 os_prio=0 cpu=318538.30ms elapsed=15790.94s tid=0x00007eedc448f1b0 nid=3706227 in Object.wait() [0x00007eec858f9000]
"SSH git-upload-pack /project2/bthost-src (user1)" #173 [3706228] prio=1 os_prio=0 cpu=246767.14ms elapsed=15790.92s tid=0x00007eec68097d90 nid=3706228 in Object.wait() [0x00007eec857f8000]
"SSH git-upload-pack /project1/apps_graphics_lvgl (user1)" #174 [3706229] prio=1 os_prio=0 cpu=346675.95ms elapsed=15790.92s tid=0x00007eec5c00ef00 nid=3706229 in Object.wait() [0x00007eec856f7000]
"SSH git-upload-pack /project1/external_ldns (user1)" #175 [3706230] prio=1 os_prio=0 cpu=254600.28ms elapsed=15790.92s tid=0x00007eedc4490320 nid=3706230 in Object.wait() [0x00007eec855f6000]
"SSH git-upload-pack /project1/external_fluoride (user1)" #176 [3706231] prio=1 os_prio=0 cpu=292875.10ms elapsed=15790.92s tid=0x00007eec68099620 nid=3706231 in Object.wait() [0x00007eec854f5000]
...
grep user1 jstack3.txt | wc -l
54 That’s strange— I’ve already limited the maximum number of concurrent SSH connections per user by setting sshd.maxConnectionsPerUser = 8 in gerrit.config:
[sshd]
listenAddress = *:29418
threads = 64
batchThreads = 3
CommandStartThreads = 6
waitTimeout = 10m
enableChannelIdTracking = false
maxConnectionsPerUser = 8
listenAddress = *:29418
threads = 64
batchThreads = 3
CommandStartThreads = 6
waitTimeout = 10m
enableChannelIdTracking = false
maxConnectionsPerUser = 8
Yet, I’m still seeing a large number of simultaneous connections from a single user (e.g., user1).
Could I be missing something? Are there additional settings that might override or bypass this limit?
I’ve attached the jstack log for reference—any hints or suggestions would be greatly appreciated!
Gerrit version is 3.10.8, and cpu is 16 cores, and the jvm memory is 56G.
Yingchun Li
Dec 23, 2025, 1:41:09 AM12/23/25
to Repo and Gerrit Discussion
Now I setup a test server and can reproduce the issue.
batchThreads = 3
CommandStartThreads = 6
waitTimeout = 10m
enableChannelIdTracking = false
the settings,
[sshd]
listenAddress = *:29418
listenAddress = *:29418
threads = 16
batchThreads = 3
CommandStartThreads = 6
waitTimeout = 10m
enableChannelIdTracking = false
maxConnectionsPerUser = 4
then ran repo sync -j96(yes, some users use such an aggressive job count), then
then ran repo sync -j96(yes, some users use such an aggressive job count), then
there are 13(sshd.threads - sshd.batchThreads) SSH git-upload-pack(from jstack),
and there are no any error message on client.
From the server
ssh -p admin@xxx gerrit show-connections
show only one connection.
So the "maxConnectionsPerUser = 4" is meanless in this scenario.
Maybe the quota plugin can resolve the problem, will try to install the plugin.
mfick
Dec 23, 2025, 4:01:23 PM12/23/25
to Repo and Gerrit Discussion
On Monday, December 22, 2025 at 10:41:09 PM UTC-8 sword.l...@gmail.com wrote:
then ran repo sync -j96(yes, some users use such an aggressive job count), thenthere are 13(sshd.threads - sshd.batchThreads) SSH git-upload-pack(from jstack),and there are no any error message on client.From the serverssh -p admin@xxx gerrit show-connectionsshow only one connection.
repo tool use ssh control master to share operations on the same connection, so indeed the connection limit will be useless to prevent this. This also will wreak havoc with any sort of load balancer setup you have since it will send all the commands to one server. This can be used as an incentive to help train your customers since they generally will get better performance if they disable this feature (search the list to undrestand how)
So the "maxConnectionsPerUser = 4" is meanless in this scenario.Maybe the quota plugin can resolve the problem, will try to install the plugin.
If configured properly, this should indeed help protect your server in these situations,
-Martin
Yingchun Li
Dec 24, 2025, 2:19:20 AM12/24/25
to Repo and Gerrit Discussion
On Wednesday, December 24, 2025 at 5:01:23 AM UTC+8 mfick wrote:
On Monday, December 22, 2025 at 10:41:09 PM UTC-8 sword.l...@gmail.com wrote:then ran repo sync -j96(yes, some users use such an aggressive job count), thenthere are 13(sshd.threads - sshd.batchThreads) SSH git-upload-pack(from jstack),and there are no any error message on client.From the serverssh -p admin@xxx gerrit show-connectionsshow only one connection.repo tool use ssh control master to share operations on the same connection, so indeed the connection limit will be useless to prevent this. This also will wreak havoc with any sort of load balancer setup you have since it will send all the commands to one server. This can be used as an incentive to help train your customers since they generally will get better performance if they disable this feature (search the list to undrestand how)
Get it, Thanks for you explaining.
So the "maxConnectionsPerUser = 4" is meanless in this scenario.Maybe the quota plugin can resolve the problem, will try to install the plugin.If configured properly, this should indeed help protect your server in these situations,
Yes, I will try to setup the Quota plugin.thanks
-Martin
Reply all
Reply to author
Forward
0 new messages