)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"1f37c799aff52c33163036b6a42640487a912175","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"8a66538a_20f13a73","updated":"2022-08-17 20:24:11.000000000","message":"Two comments inline, but I\u0027m also fine with merging as-is as a first iteration.","commit_id":"a6d4fae07098546f5d61b32e62b7053946064e9a"}],"nodepool/elements/infra-package-needs/post-install.d/89-sshd":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"1f37c799aff52c33163036b6a42640487a912175","unresolved":true,"context_lines":[{"line_number":36,"context_line":"# Default LoginGraceTime is 120. Reduce that to 30 to cycle connections more"},{"line_number":37,"context_line":"# quickly."},{"line_number":38,"context_line":"sed -i -e \u0027/LoginGraceTime/d\u0027 /etc/ssh/sshd_config \\"},{"line_number":39,"context_line":"    \u0026\u0026 echo \"LoginGraceTime 30\" \u003e\u003e /etc/ssh/sshd_config"},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"# NOTE(clarkb): SSH scanners may be affecting Zuul ssh connectivity"},{"line_number":42,"context_line":"# Default MaxStartups is 10:30:100 which means after 10 unauthenticated"}],"source_content_type":"application/x-shellscript","patch_set":1,"id":"6e83f7f1_43fb3f29","line":39,"updated":"2022-08-17 20:24:11.000000000","message":"Given that we do not allow interactive login, we might consider even dropping this further. Except maybe for logins from humans that need time to unlock their key with a passphrase?","commit_id":"a6d4fae07098546f5d61b32e62b7053946064e9a"},{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"2098f5cf62ebdec5aa195688a9d3fc4ce9e36f93","unresolved":true,"context_lines":[{"line_number":36,"context_line":"# Default LoginGraceTime is 120. Reduce that to 30 to cycle connections more"},{"line_number":37,"context_line":"# quickly."},{"line_number":38,"context_line":"sed -i -e \u0027/LoginGraceTime/d\u0027 /etc/ssh/sshd_config \\"},{"line_number":39,"context_line":"    \u0026\u0026 echo \"LoginGraceTime 30\" \u003e\u003e /etc/ssh/sshd_config"},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"# NOTE(clarkb): SSH scanners may be affecting Zuul ssh connectivity"},{"line_number":42,"context_line":"# Default MaxStartups is 10:30:100 which means after 10 unauthenticated"}],"source_content_type":"application/x-shellscript","patch_set":1,"id":"e1ff639d_0492c60a","line":39,"in_reply_to":"6e83f7f1_43fb3f29","updated":"2022-08-17 22:20:35.000000000","message":"Yes infra-root logging in was my concern with dropping it too low.","commit_id":"a6d4fae07098546f5d61b32e62b7053946064e9a"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"1f37c799aff52c33163036b6a42640487a912175","unresolved":true,"context_lines":[{"line_number":43,"context_line":"# connections randomly drop 30% of connections with an increasing"},{"line_number":44,"context_line":"# percentage until 100 connections is reached."},{"line_number":45,"context_line":"sed -i -e \u0027/MaxStartups/d\u0027 /etc/ssh/sshd_config \\"},{"line_number":46,"context_line":"    \u0026\u0026 echo \"MaxStartups 30:10:100\" \u003e\u003e /etc/ssh/sshd_config"}],"source_content_type":"application/x-shellscript","patch_set":1,"id":"3e7e6f97_06116e2e","line":46,"updated":"2022-08-17 20:24:11.000000000","message":"I don\u0027t think that these random drops are helpful at all in our CI environment, IMO they are meant to help a loaded system being used by a lot of interactive sessions. Why not just set a fixed maximum, like 100, which seems to be a reasonable limit by default?","commit_id":"a6d4fae07098546f5d61b32e62b7053946064e9a"},{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"852024ec2f683f298c14ce3c8c462522856120cf","unresolved":true,"context_lines":[{"line_number":43,"context_line":"# connections randomly drop 30% of connections with an increasing"},{"line_number":44,"context_line":"# percentage until 100 connections is reached."},{"line_number":45,"context_line":"sed -i -e \u0027/MaxStartups/d\u0027 /etc/ssh/sshd_config \\"},{"line_number":46,"context_line":"    \u0026\u0026 echo \"MaxStartups 30:10:100\" \u003e\u003e /etc/ssh/sshd_config"}],"source_content_type":"application/x-shellscript","patch_set":1,"id":"182580d7_34fc417d","line":46,"in_reply_to":"3e7e6f97_06116e2e","updated":"2022-08-17 22:13:59.000000000","message":"Ya I guess we could set it to \u0027MaxStartups 100\u0027 and call that good? I think that is valid config. Maybe start here and update to that if we still have problems.","commit_id":"a6d4fae07098546f5d61b32e62b7053946064e9a"}]}