?
Solved

Only one SSH session per user

Posted on 2009-07-15
5
Medium Priority
?
479 Views
Last Modified: 2012-05-07
Hello,

I'm currently looking for a way to limit the users who connect to my server using SSH to only one session per user.
My users can only connect to open SSH Tunnels, they can't do anything but this. I'm using "/bin/false" as a shell for them, and they are authenticated by private/public keys pairs.

I haven't found a "clean" way to achieve this, and for now I'm only thinking about making a cron task that:
- Enumerates the users I've put in a file (so only the users I choose are concerned by the process)
- For each user, show his running processes, only keep the "sshd" ones, order by date (descending) and skip the first line : you get a list of "sshd" processes, and you've skipped the most recent
- Then kill each of these processes, so the only one remaining is the most recent (ie the last opened session)

This is the dirty idea I have in mind, but I'm sure some of you have something really better to suggest :)

Thanks in advance
0
Comment
Question by:morveus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 14

Expert Comment

by:flob9
ID: 24857279
Couldnt you set "max user processes" to 1 for them?
(ulimit -u)
0
 

Author Comment

by:morveus
ID: 24857428
Hello and thanks for your answer,

I've tried "ulimit -u 1" on one of my users, but I'm not sure this is the way it works...
When doing "ulimit -u" with this user, the output displays "1", so I guess it's ok, but if I close the session and open another session with the user, "ulimit -u" goes back to "unlimited".

Where am I wrong ?

Thanks a lot
0
 
LVL 14

Accepted Solution

by:
flob9 earned 2000 total points
ID: 24857458
Hmmm ...

Another way : check the /etc/security/limits.conf file, there should be anything you need here.
0
 

Author Comment

by:morveus
ID: 24857460
It's me again : thanks to you, I've searched Google for "ulimit" and finally I found something about the "/etc/security/limits.conf"

I've added this :
user_name hard nproc 1

And it's working ! The user can only start an sshd process (using plink for instance), but no shell, nothing else ;)

Thanks a lot !
0
 
LVL 14

Expert Comment

by:flob9
ID: 24857474
maxlogins 1
for your user group ... this should work
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month13 days, 19 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question