Date:      Fri, 1 Aug 2008 15:26:40 +0300
From:      Kostik Belousov <kostikbel@gmail.com>
To:        Ed Schouten <ed@80386.nl>
Cc:        karim.bourenane@orange-ftgroup.com, FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: [BSD6] SSH Restriction
Message-ID:  <20080801122640.GH97161@deviant.kiev.zoral.com.ua>
In-Reply-To: <20080801121004.GO99951@hoeg.nl>
References:  <EB0526E758E4764B9B5186295C5790C901A7CF4E@PUEXCBJ0.nanterre.francetelecom.fr> <20080801121004.GO99951@hoeg.nl>

On Fri, Aug 01, 2008 at 02:10:04PM +0200, Ed Schouten wrote:
> Hello Karim,
>
> * karim.bourenane@orange-ftgroup.com <karim.bourenane@orange-ftgroup.com> wrote:
> > I have one question. How can I restrict (limit) 1 user to have, for
> > example, 5 simultaneous ssh connections, no more?
>
> It's quite funny you ask this question, because I've been working on
> this last week.
>
> The new TTY code, which I'll commit next week, adds a new rlimit to the
> kernel called RLIMIT_NPTS. This rlimit allows you to limit the number of
> pseudo-terminals allocated by a single user. This means you can limit
> the number of login sessions by tuning the "pseudoterminals" field in
> /etc/login.conf.
>
> This seems to work with tools like screen(1), xterm(1), etc.
> Unfortunately I didn't get it working with OpenSSH, because OpenSSH
> allocates terminals while being root. I've already contacted the OpenSSH
> folks about this, but I haven't got any response (yet).

Limit on the allocation of the ptys is useful. Trying to use it to top
the number of the "sessions" may be not.  There is a -T option for the ssh(1).

Without clear description of why the restriction is imposed, the question
probably cannot be answered.

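Added example, not part of the original message and not FreeBSD or OpenSSH code: a Python check of the point made in the reply, that sessions opened with ssh -T hold no pty and so fall outside a pty-based limit. The ps lines are constructed sample data, and the "sshd: user@tty" process-title form is an assumption about the sshd in use.

```python
import re
from collections import defaultdict

# Per-session sshd process title, e.g. "sshd: karim@pts/0" or "sshd: karim@notty".
# Assumption: the running sshd sets titles in this form for each session process.
SESSION_RE = re.compile(r"\bsshd(?:-session)?: (?P<user>[^\s@]+)@(?P<tty>\S+)")

# Constructed sample (not real output), in the style of `ps -axo user,command`.
SAMPLE_PS = """\
root   sshd: karim [priv]
karim  sshd: karim@pts/0
karim  sshd: karim@pts/1
karim  sshd: karim@pts/2
karim  sshd: karim@notty
karim  sshd: karim@notty
karim  sshd: karim@notty
karim  sshd: karim@notty
root   sshd: ed [priv]
ed     sshd: ed@pts/3
ed     sshd: ed@pts/4
"""


def count_sessions(ps_text):
    """Return {user: {"pty": n, "notty": m}} for every sshd session process."""
    counts = defaultdict(lambda: {"pty": 0, "notty": 0})
    for line in ps_text.splitlines():
        m = SESSION_RE.search(line)
        if not m:
            continue  # "[priv]" monitor lines are not sessions themselves
        kind = "notty" if m.group("tty") == "notty" else "pty"
        counts[m.group("user")][kind] += 1
    return {user: dict(c) for user, c in counts.items()}


def over_limit(ps_text, limit):
    """Users whose total session count exceeds `limit`.

    missed_by_pty_limit is True when the pty count alone stays within the
    limit, i.e. a pty-only restriction would not have stopped the user.
    """
    report = {}
    for user, c in count_sessions(ps_text).items():
        total = c["pty"] + c["notty"]
        if total > limit:
            report[user] = {"total": total, "pty": c["pty"],
                            "missed_by_pty_limit": c["pty"] <= limit}
    return report


if __name__ == "__main__":
    print(over_limit(SAMPLE_PS, 5))
```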