Re: Restrict SSH connections


 



Thanks for the response Jakub.

user1          -       maxlogins       5

Does pam_limits get applied on a per-user basis?

My requirement is to limit the total number of ssh sessions (say 5) to the
SSH server from any user.
The requirement is irrespective of the group or a user.
E.g.
Say if a user (userA) has created 5 ssh connections, no other user should
be allowed to connect to the SSH server,
or if userA has created 3 sessions, then two more sessions can be created
by any other user.

Could you please help me with how I can achieve this with pam_limits?

Thanks & Regards,
Amit

On Wed, Feb 26, 2020 at 1:24 PM Jakub Jelen <jjelen@xxxxxxxxxx> wrote:

> On Tue, 2020-02-25 at 11:44 +0100, mlrx wrote:
> > On 25/02/2020 at 10:56, Amit Prajapati wrote:
> > > Hi,
> > >
> > > Is there a way to restrict the number of active SSH client
> > > connections to
> > > an sshd server.
> > >
> > > Thanks & Regards,
> > > Amit
> >
> > Hi,
> >
> > (Not a specialist, but I'll give it a try. It seems to be a good way to
> > learn.)
> >
> > It seems to be only possible on the server configuration.
> >
> > Clever or not, maybe use some conditional parameters in
> > sshd_config ?
> > Something like:
> >
> > Match Group adminA
> >    MaxSessions 8
> > Match Group adminB
> >    MaxSessions 4
> > Match User UserA
> >    MaxSessions 1
> > Match User UserB
> >    MaxSessions 2
>
> This does not limit connections, but only multiplexed sessions inside a
> single connection.
>
> To limit the number of shells, you can use pam_limits [1], but it does not
> catch non-shell connections such as sftp, port forwarding, jumps to
> other servers and so on. For that, you need to use something home-
> cooked or some non-standard tool.
>
> [1] https://serverfault.com/a/245348/186199
>
> Regards,
> --
> Jakub Jelen
> Senior Software Engineer
> Security Technologies
> Red Hat, Inc.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
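
A sketch of the "home-cooked" route mentioned in the thread, for the global cap of 5 asked about above: this is an added example, not code from any thread participant or from OpenSSH. It assumes sshd runs with `UsePAM yes`, that the script is called through `pam_exec` from the account stack, and that the script path, `LIMIT` and `PORT` values are placeholders; the `ss` lines are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical install path:
#   /usr/local/sbin/ssh-conn-gate.sh
# Assumed wiring in /etc/pam.d/sshd (sshd_config has "UsePAM yes"):
#   account required pam_exec.so /usr/local/sbin/ssh-conn-gate.sh
LIMIT=5   # total connections allowed, all users together (assumed value)
PORT=22   # port sshd listens on (assumed value)

# Count lines of `ss -Htn state established` (read from stdin) whose local
# port is $1. Columns without header: Recv-Q Send-Q Local:Port Peer:Port
# This counts TCP connections, so sftp, port forwarding and connections
# that are still authenticating are included, and so is root.
count_ssh_conns() {
    awk -v p="$1" '{ n = split($3, a, ":"); if (a[n] == p) c++ }
                   END { print c + 0 }'
}

# ssh_gate LIMIT PORT: return 0 to allow, 1 to deny.
# The connection being checked is already established, so it is part of
# the count; two simultaneous logins can still race past the check.
ssh_gate() {
    n=$(count_ssh_conns "$2")
    [ "$n" -le "$1" ]
}

# Constructed sample of ss output: five connections to local port 22
# (one over IPv6), plus two lines that must not be counted.
sample_ss_output() {
    cat <<'EOF'
0 0 192.0.2.10:22 198.51.100.7:51514
0 0 192.0.2.10:22 198.51.100.7:51520
0 36 192.0.2.10:22 203.0.113.9:40022
0 0 [2001:db8::10]:22 [2001:db8::99]:53122
0 0 192.0.2.10:22 203.0.113.44:22022
0 0 192.0.2.10:443 198.51.100.7:22
0 0 192.0.2.10:2222 203.0.113.9:60000
EOF
}

# pam_exec sets PAM_TYPE; only then query the live socket table.
# A non-zero exit makes the PAM account step fail and sshd refuses the login.
if [ -n "${PAM_TYPE:-}" ]; then
    ss -Htn state established | ssh_gate "$LIMIT" "$PORT" || exit 1
fi
```

Because the cap also applies to root, keep console or out-of-band access available before enabling it.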



