Date: Wed, 8 Mar 2006 12:24:44 -0800 (PST)
From: Joe Schmoe
To: freebsd-hackers@freebsd.org
Subject: sshd (or global) max-connections-per-user setting under FreeBSD ?

I am running a stock FreeBSD 6.0-RELEASE system, with the built-in ssh/sshd. I am interested in limiting the number of ssh connections any particular user can make to the system ...
for instance, if limited to 3, they could login interactively, commence an rsync over ssh, and commence an scp file transfer, but could not initiate a fourth ssh transaction of any sort.

I don't see an obvious way to do this, and further, I am not particularly interested in running sshd out of inetd, which _might_ help me accomplish this...

I am wondering the following:

- is there a general "max connections per user" mechanism in FreeBSD that I could use ? I only allow ssh connections, so I don't need it to be sshd specific - I would be happy with a global max conn mechanism...

- (if there isn't a global maxconn) is there an elegant way to limit max connection for sshd ?

I feel like I could do this with pam.conf, based on the documentation, but I don't see how, and further, there is no pam.conf in a default install ... so perhaps I add it to /etc/pam.d/sshd (or perhaps /etc/pam.d/system for global ?)

I am sorry to ramble - all comments and suggestions are greatly appreciated.

thanks.