Only one SSH session per user

Hello,

I'm currently looking for a way to limit the users who connect to my server using SSH to only one session per user.
My users can only connect to open SSH Tunnels, they can't do anything but this. I'm using "/bin/false" as a shell for them, and they are authenticated by private/public keys pairs.

I haven't found a "clean" way to achieve this, and for now I'm only thinking about making a cron task that:
- Enumerates the users I've put in a file (so only the users I choose are concerned by the process)
- For each user, show his running processes, only keep the "sshd" ones, order by date (descending) and skip the first line : you get a list of "sshd" processes, and you've skipped the most recent
- Then kill each of these processes, so the only one remaining is the most recent (ie the last opened session)

This is the dirty idea I have in mind, but I'm sure some of you have something really better to suggest :)

Thanks in advance
morveusAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

flob9Commented:
Couldnt you set "max user processes" to 1 for them?
(ulimit -u)
0
morveusAuthor Commented:
Hello and thanks for your answer,

I've tried "ulimit -u 1" on one of my users, but I'm not sure this is the way it works...
When doing "ulimit -u" with this user, the output displays "1", so I guess it's ok, but if I close the session and open another session with the user, "ulimit -u" goes back to "unlimited".

Where am I wrong ?

Thanks a lot
0
flob9Commented:
Hmmm ...

Another way : check the /etc/security/limits.conf file, there should be anything you need here.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
morveusAuthor Commented:
It's me again : thanks to you, I've searched Google for "ulimit" and finally I found something about the "/etc/security/limits.conf"

I've added this :
user_name hard nproc 1

And it's working ! The user can only start an sshd process (using plink for instance), but no shell, nothing else ;)

Thanks a lot !
0
flob9Commented:
maxlogins 1
for your user group ... this should work
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.