Solved

Only one SSH session per user

Posted on 2009-07-15
5
456 Views
Last Modified: 2012-05-07
Hello,

I'm currently looking for a way to limit the users who connect to my server using SSH to only one session per user.
My users can only connect to open SSH Tunnels, they can't do anything but this. I'm using "/bin/false" as a shell for them, and they are authenticated by private/public keys pairs.

I haven't found a "clean" way to achieve this, and for now I'm only thinking about making a cron task that:
- Enumerates the users I've put in a file (so only the users I choose are concerned by the process)
- For each user, show his running processes, only keep the "sshd" ones, order by date (descending) and skip the first line : you get a list of "sshd" processes, and you've skipped the most recent
- Then kill each of these processes, so the only one remaining is the most recent (ie the last opened session)

This is the dirty idea I have in mind, but I'm sure some of you have something really better to suggest :)

Thanks in advance
0
Comment
Question by:morveus
  • 3
  • 2
5 Comments
 
LVL 14

Expert Comment

by:flob9
ID: 24857279
Couldnt you set "max user processes" to 1 for them?
(ulimit -u)
0
 

Author Comment

by:morveus
ID: 24857428
Hello and thanks for your answer,

I've tried "ulimit -u 1" on one of my users, but I'm not sure this is the way it works...
When doing "ulimit -u" with this user, the output displays "1", so I guess it's ok, but if I close the session and open another session with the user, "ulimit -u" goes back to "unlimited".

Where am I wrong ?

Thanks a lot
0
 
LVL 14

Accepted Solution

by:
flob9 earned 500 total points
ID: 24857458
Hmmm ...

Another way : check the /etc/security/limits.conf file, there should be anything you need here.
0
 

Author Comment

by:morveus
ID: 24857460
It's me again : thanks to you, I've searched Google for "ulimit" and finally I found something about the "/etc/security/limits.conf"

I've added this :
user_name hard nproc 1

And it's working ! The user can only start an sshd process (using plink for instance), but no shell, nothing else ;)

Thanks a lot !
0
 
LVL 14

Expert Comment

by:flob9
ID: 24857474
maxlogins 1
for your user group ... this should work
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question