
Jump Servers - Ubuntu config

Use the following steps to configure an Oracle Linux-based SSH jump server that supports port forwarding. The settings recommended in this page enable reliable and fast connectivity to a large number of devices from the Forward Networks Collector.

Start with a base Oracle Linux image

Install Oracle Linux Server release 9.2 on a VM, or set up a Docker container with the Oracle Linux Server release 9.2 base image.

Update SSH Daemon Settings (MaxStartups and UseDNS)

MaxStartups

This parameter limits the number of concurrent unauthenticated sessions that the server permits. The default value is 10:30:60 (start dropping connections with 30% probability past 10 connections, increasing linearly to 100% drop probability at 60 connections). To ensure high concurrency, we set this value to 1000. The server will then drop all unauthenticated connections above 1000, and none below.

  • sudo vim /etc/ssh/sshd_config
  • Add line MaxStartups 1000
  • Save the file.

UseDNS

This parameter specifies whether sshd should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address.

  • sudo vim /etc/ssh/sshd_config
  • Add line UseDNS no
  • Save the file.

Restart sshd and validate changes

sudo systemctl restart sshd
sudo sshd -T | grep -i MaxStartups
# Validate that the value of MaxStartups has been updated to 1000:30:1000.
sudo sshd -T | grep -i UseDNS
# Validate that the value of UseDNS is no.

Ensure sufficient entropy for random number generation

Virtual machines usually have low entropy as they are headless machines without real keyboard or mouse devices. This leads to slow SSH logins. To fix this, install rng-tools to gather more entropy.

  • sudo dnf install rng-tools
  • cat /proc/sys/kernel/random/entropy_avail
    • This should show a value above 250. If the value falls below 200, the entropy available to the VM may be too low to support numerous concurrent logins.
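
The validation steps above can be scripted so that they check the effective values rather than the file contents: sshd uses the first value it obtains for each keyword, so a line added to sshd_config can be overridden by an earlier line or an included file, and only `sshd -T` shows what is actually in force. The following is an added example, not part of the original page; the function names, the sample dumps and the "marginal" label for values between 200 and 250 are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: check the effective jump-server settings from this page.
# Live use (hypothetical invocation):
#   check_sshd "$(sudo sshd -T)"
#   check_entropy "$(cat /proc/sys/kernel/random/entropy_avail)"

# Constructed samples of `sshd -T` output (not captured from a real host).
GOOD_DUMP='port 22
maxstartups 1000:30:1000
usedns no'
BAD_DUMP='port 22
maxstartups 10:30:60
usedns yes'

# get_effective KEY: read `sshd -T` output on stdin and print KEY's value.
# Exits non-zero when the keyword is absent from the dump.
get_effective() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print $2; found = 1; exit }
                     END { exit !found }'
}

# check_sshd DUMP: return 0 only if both settings match the page's values.
check_sshd() {
    cs_rc=0
    cs_ms=$(printf '%s\n' "$1" | get_effective maxstartups) || cs_ms="<unset>"
    cs_dns=$(printf '%s\n' "$1" | get_effective usedns) || cs_dns="<unset>"
    # A bare "MaxStartups 1000" is reported by sshd -T as 1000:30:1000.
    [ "$cs_ms" = "1000:30:1000" ] || { echo "FAIL maxstartups=$cs_ms"; cs_rc=1; }
    [ "$cs_dns" = "no" ] || { echo "FAIL usedns=$cs_dns"; cs_rc=1; }
    return "$cs_rc"
}

# check_entropy VALUE: apply the page's thresholds (above 250 expected,
# below 200 too low). "marginal" for the range in between is an assumption.
check_entropy() {
    if [ "$1" -gt 250 ]; then
        echo ok
    elif [ "$1" -lt 200 ]; then
        echo low
    else
        echo marginal
    fi
}
```

If `check_sshd` reports a failure after the edit and restart, look for an earlier MaxStartups or UseDNS line in /etc/ssh/sshd_config or in a file it includes.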