Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Only one SSH session per user

Posted on 2009-07-15
5
Medium Priority
?
489 Views
Last Modified: 2012-05-07
Hello,

I'm currently looking for a way to limit the users who connect to my server using SSH to only one session per user.
My users can only connect to open SSH Tunnels, they can't do anything but this. I'm using "/bin/false" as a shell for them, and they are authenticated by private/public keys pairs.

I haven't found a "clean" way to achieve this, and for now I'm only thinking about making a cron task that:
- Enumerates the users I've put in a file (so only the users I choose are concerned by the process)
- For each user, show his running processes, only keep the "sshd" ones, order by date (descending) and skip the first line : you get a list of "sshd" processes, and you've skipped the most recent
- Then kill each of these processes, so the only one remaining is the most recent (ie the last opened session)

This is the dirty idea I have in mind, but I'm sure some of you have something really better to suggest :)

Thanks in advance
0
Comment
Question by:morveus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 14

Expert Comment

by:flob9
ID: 24857279
Couldnt you set "max user processes" to 1 for them?
(ulimit -u)
0
 

Author Comment

by:morveus
ID: 24857428
Hello and thanks for your answer,

I've tried "ulimit -u 1" on one of my users, but I'm not sure this is the way it works...
When doing "ulimit -u" with this user, the output displays "1", so I guess it's ok, but if I close the session and open another session with the user, "ulimit -u" goes back to "unlimited".

Where am I wrong ?

Thanks a lot
0
 
LVL 14

Accepted Solution

by:
flob9 earned 2000 total points
ID: 24857458
Hmmm ...

Another way : check the /etc/security/limits.conf file, there should be anything you need here.
0
 

Author Comment

by:morveus
ID: 24857460
It's me again : thanks to you, I've searched Google for "ulimit" and finally I found something about the "/etc/security/limits.conf"

I've added this :
user_name hard nproc 1

And it's working ! The user can only start an sshd process (using plink for instance), but no shell, nothing else ;)

Thanks a lot !
0
 
LVL 14

Expert Comment

by:flob9
ID: 24857474
maxlogins 1
for your user group ... this should work
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month10 days, 13 hours left to enroll

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question