Solved

Only one SSH session per user

Posted on 2009-07-15
5
446 Views
Last Modified: 2012-05-07
Hello,

I'm currently looking for a way to limit the users who connect to my server using SSH to only one session per user.
My users can only connect to open SSH Tunnels, they can't do anything but this. I'm using "/bin/false" as a shell for them, and they are authenticated by private/public keys pairs.

I haven't found a "clean" way to achieve this, and for now I'm only thinking about making a cron task that:
- Enumerates the users I've put in a file (so only the users I choose are concerned by the process)
- For each user, show his running processes, only keep the "sshd" ones, order by date (descending) and skip the first line : you get a list of "sshd" processes, and you've skipped the most recent
- Then kill each of these processes, so the only one remaining is the most recent (ie the last opened session)

This is the dirty idea I have in mind, but I'm sure some of you have something really better to suggest :)

Thanks in advance
0
Comment
Question by:morveus
  • 3
  • 2
5 Comments
 
LVL 14

Expert Comment

by:flob9
ID: 24857279
Couldnt you set "max user processes" to 1 for them?
(ulimit -u)
0
 

Author Comment

by:morveus
ID: 24857428
Hello and thanks for your answer,

I've tried "ulimit -u 1" on one of my users, but I'm not sure this is the way it works...
When doing "ulimit -u" with this user, the output displays "1", so I guess it's ok, but if I close the session and open another session with the user, "ulimit -u" goes back to "unlimited".

Where am I wrong ?

Thanks a lot
0
 
LVL 14

Accepted Solution

by:
flob9 earned 500 total points
ID: 24857458
Hmmm ...

Another way : check the /etc/security/limits.conf file, there should be anything you need here.
0
 

Author Comment

by:morveus
ID: 24857460
It's me again : thanks to you, I've searched Google for "ulimit" and finally I found something about the "/etc/security/limits.conf"

I've added this :
user_name hard nproc 1

And it's working ! The user can only start an sshd process (using plink for instance), but no shell, nothing else ;)

Thanks a lot !
0
 
LVL 14

Expert Comment

by:flob9
ID: 24857474
maxlogins 1
for your user group ... this should work
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Currently, there is not an RPM package available under the RHEL/Fedora/CentOS distributions that gives you a quick and easy way to allow PHP to interface with Oracle. As a result, I have included a set of instructions on how to do this with minimal …
In this tutorial I will explain how to make squid prevent malwares in five easy steps: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now