sftp and utmp

Hi,

We need to limit concurrent sftp logins to one per user (because of bad
client behaviour).  Is there any way to achieve this I have overlooked?

It seems it could be possible with pam_limits, if sftp sessions were
recorded in utmp (a guess from what I found googling around).  If I
configure /etc/security/limits.conf with

  testuser hard maxlogins 1

and connect with ssh, and try a second connection with sftp, the sftp
fails because there is already one session open.  But if I connect with
sftp and try a second sftp connection, it is allowed.

Is there some way to have sftp connections recorded in utmp?  I haven't
found any reference to this.  There are some posts from 10+ years ago
where others were trying the same thing but there's no reply about how
to do it.  Would it be possible to add this option?

We're using ChrootDirectory and ForceCommand internal-sftp, if it makes
a difference (I've tried without and had the same results).

Tried this on Debian bookworm's openssh-server (9.2).  The changelog
from 9.3 does not mention anything related to this.

Thank you,

François


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
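The gap described in the message above can be measured by comparing utmp login records with sshd's per-session processes. This is an added example, not part of the original post or of OpenSSH: it assumes, as the post guesses, that maxlogins is checked against utmp, and that session processes carry titles of the form `sshd: user@pts/N` or `sshd: user@internal-sftp`; the `who` and `ps` text is constructed sample data.

```python
import re
from collections import Counter

# Constructed sample of `who` output (utmp records); not from the original post.
WHO_OUTPUT = """\
testuser pts/0        2023-06-01 10:02 (192.0.2.10)
admin    pts/1        2023-06-01 09:40 (192.0.2.20)
"""

# Constructed sample of `ps -eo user,args` output; the title format is an assumption.
PS_OUTPUT = """\
root      sshd: testuser [priv]
testuser  sshd: testuser@pts/0
root      sshd: testuser [priv]
testuser  sshd: testuser@internal-sftp
root      sshd: testuser [priv]
testuser  sshd: testuser@internal-sftp
root      sshd: admin [priv]
admin     sshd: admin@pts/1
"""

SESSION_RE = re.compile(r"sshd: (\S+)@(\S+)")

def utmp_logins(who_text):
    """Count utmp login records per user (first column of `who`)."""
    return Counter(l.split()[0] for l in who_text.splitlines() if l.strip())

def sshd_sessions(ps_text):
    """Count sshd session processes per user, split into tty and non-tty."""
    tty, notty = Counter(), Counter()
    for line in ps_text.splitlines():
        m = SESSION_RE.search(line)
        if not m:
            continue  # "[priv]" monitor processes have no user@where part
        user, where = m.groups()
        (tty if where.startswith(("pts/", "tty")) else notty)[user] += 1
    return tty, notty

def unseen_by_maxlogins(who_text, ps_text):
    """Users holding sshd sessions that have no matching utmp record."""
    logins = utmp_logins(who_text)
    tty, notty = sshd_sessions(ps_text)
    return {u: {"utmp": logins[u], "sshd_tty": tty[u], "sshd_no_tty": n}
            for u, n in notty.items() if n}

if __name__ == "__main__":
    for user, counts in unseen_by_maxlogins(WHO_OUTPUT, PS_OUTPUT).items():
        print(user, counts)
```

On a live host, feed the functions the real output of `who` and `ps -eo user,args` instead of the constructed samples.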



