I'm currently looking for a way to limit the users who connect to my server using SSH to only one session per user.
My users can only connect to open SSH Tunnels, they can't do anything but this. I'm using "/bin/false" as a shell for them, and they are authenticated by private/public keys pairs.
I haven't found a "clean" way to achieve this, and for now I'm only thinking about making a cron task that:
- Enumerates the users I've put in a file (so only the users I choose are concerned by the process)
- For each user, show his running processes, only keep the "sshd" ones, order by date (descending) and skip the first line : you get a list of "sshd" processes, and you've skipped the most recent
- Then kill each of these processes, so the only one remaining is the most recent (ie the last opened session)
This is the dirty idea I have in mind, but I'm sure some of you have something really better to suggest :)
Thanks in advance