For exactly description. We have one user (robot) connect on server with ssh command and telnet argment to access on some router. The connection is not closed and cleaned properly. Also the CPU increases dangerously. Regards Karim Bourenane 112 Av. Charles de Gaules 92520 Neuilly S/Seine Phone: +33156 76 35 52 Fax: +33156 76 35 04 http://www.equant.com -----Original Message----- From: Kostik Belousov [mailto:kostikbel_at_gmail.com] Sent: vendredi 1 août 2008 14:27 To: Ed Schouten Cc: BOURENANE Karim SCE/IBNF; FreeBSD Current Subject: Re: [BSD6] SSH Restriction On Fri, Aug 01, 2008 at 02:10:04PM +0200, Ed Schouten wrote: > Hello Karim, > > * karim.bourenane_at_orange-ftgroup.com <karim.bourenane_at_orange-ftgroup.com> wrote: > > I have one question. How i can restrict ( limit ) 1 user to have for > > exemple 5 ssh connection in simutanous time, no more ? > > It's quite funny you ask this question, because I've been working on > this last week. > > The new TTY code, which I'll commit next week, adds a new rlimit to > the kernel called RLIMIT_NPTS. This rlimit allows you to limit the > number of pseudo-terminals allocated by a single user. This means you > can limit the number of login sessions by tuning the "pseudoterminals" > field in /etc/login.conf. > > This seems to work with tools like screen(1), xterm(1), etc. > Unfortunately I didn't get it working with OpenSSH, because OpenSSH > allocates terminals while been root. I've already contacted the > OpenSSH folks about this, but I haven't got any response (yet). Limit on the allocation of the ptys is useful. Trying to use it to top the number of the "sessions" may be not. There is a -T option for the ssh(1). Without clear description of why the restriction is imposed, the question probably cannot be answered. ********************************* This message and any attachments (the "message") are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. ********************************Received on Fri Aug 01 2008 - 10:36:14 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:33 UTC