> On 30 Mar 2023, at 23:12, hvjunk <hvjunk@xxxxxxxxx> wrote:
>
> I've been battling similar issues, and the only methods I've found (with sftp) were to use
> software like pureftd

oops, I meant ProFTPD (Keep swapping those two as I had need for each in different cases!)

> or crushftp (using crushftp lately as production) that does handle these
> issues "out of the box"
> Other than that, I'd expect you'll need to write your own PAM modules to track the accounting part to
> enforce the limits yourself, as you'll need to account for the sftp differently from the terminal sessions
>
>> On 30 Mar 2023, at 22:43, François Ouellet <franco@xxxxxxxxxxxx> wrote:
>>
>> Hi,
>>
>> We need to limit concurrent sftp logins to one per user (because of bad
>> client behaviour). Is there any way to achieve this I have overlooked?
>>
>> It seems it could be possible with pam_limits, if sftp sessions were
>> recorded in utmp (a guess from what I found googling around). If I
>> configure /etc/security/limits.conf with
>>
>> testuser hard maxlogins 1
>>
>> and connect with ssh, and try a second connection with sftp, the sftp
>> fails because there is already one session open. But if I connect with
>> sftp and try a second sftp connection, it is allowed.
>>
>> Is there some way to have sftp connections recorded in utmp? I haven't
>> found any reference to this. There are some posts from 10+ years ago
>> where others were trying the same thing but there's no reply about how
>> to do it. Would it be possible to add this option?
>>
>> We're using ChrootDirectory and ForceCommand internal-sftp, if it makes
>> a difference (I've tried without and had the same results).
>>
>> Tried this on Debian bookworm's openssh-server (9.2). The changelog
>> from 9.3 does not mention anything related to this.
>>
>> Thank you,
>>
>> François
>>
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev@xxxxxxxxxxx
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
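The per-user accounting that the reply says has to be done outside utmp can be prototyped with a pam_exec hook in place of a custom PAM module; the script below is an added example, not part of the thread and not OpenSSH or PAM project code. It keeps one lock directory per user, so it limits every session on the PAM service it is attached to, not only sftp. The script path, the `LOCK_ROOT` directory and the function names are hypothetical, and it assumes the open and close hooks are run by the same sshd process.

```shell
#!/bin/sh
# Added example, not from the thread: one-session-per-user gate for pam_exec.
# Assumed wiring in sshd's PAM session stack (script path is hypothetical):
#   session required pam_exec.so /usr/local/sbin/one-session.sh
# pam_exec exports PAM_USER and PAM_TYPE (open_session / close_session).
# Assumption: both hooks are run by the same long-lived sshd process, so the
# script's $PPID identifies the session that owns the slot.

LOCK_ROOT="${LOCK_ROOT:-/run/one-session}"   # hypothetical state directory

# Refuse names that could escape LOCK_ROOT.
valid_user() {
    case "$1" in ''|*/*|.*) return 1 ;; esac
}

# acquire USER OWNER_PID -> 0 if the slot was free or stale, 1 if it is held.
acquire() {
    valid_user "$1" || return 1
    lock="$LOCK_ROOT/$1"
    mkdir -p "$LOCK_ROOT" || return 1
    # mkdir is atomic: of two simultaneous logins only one creates the slot.
    if mkdir "$lock" 2>/dev/null; then
        echo "$2" > "$lock/pid"
        return 0
    fi
    holder=$(cat "$lock/pid" 2>/dev/null || true)
    # Best-effort reclaim when the recorded owner has died without running
    # close_session (crash, kill -9). PID reuse can delay the reclaim.
    if [ -n "$holder" ] && ! kill -0 "$holder" 2>/dev/null; then
        echo "$2" > "$lock/pid"
        return 0
    fi
    return 1
}

# release USER OWNER_PID -> frees the slot only for the recorded owner.
release() {
    valid_user "$1" || return 0
    lock="$LOCK_ROOT/$1"
    [ "$(cat "$lock/pid" 2>/dev/null || true)" = "$2" ] || return 0
    rm -rf "$lock"
}

case "${PAM_TYPE:-}" in
    open_session)  acquire "${PAM_USER:-}" "$PPID" || exit 1 ;;   # non-zero denies
    close_session) release "${PAM_USER:-}" "$PPID" ;;
esac
```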