From owner-freebsd-current@FreeBSD.ORG  Fri Aug  1 12:10:05 2008
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D5C621065684
	for <freebsd-current@freebsd.org>; Fri,  1 Aug 2008 12:10:05 +0000 (UTC)
	(envelope-from ed@hoeg.nl)
Received: from palm.hoeg.nl (mx0.hoeg.nl [IPv6:2001:610:652::211])
	by mx1.freebsd.org (Postfix) with ESMTP id 93C898FC08
	for <freebsd-current@freebsd.org>; Fri,  1 Aug 2008 12:10:05 +0000 (UTC)
	(envelope-from ed@hoeg.nl)
Received: by palm.hoeg.nl (Postfix, from userid 1000)
	id B7B391CD38; Fri,  1 Aug 2008 14:10:04 +0200 (CEST)
Date: Fri, 1 Aug 2008 14:10:04 +0200
From: Ed Schouten <ed@80386.nl>
To: karim.bourenane@orange-ftgroup.com
Message-ID: <20080801121004.GO99951@hoeg.nl>
References: <EB0526E758E4764B9B5186295C5790C901A7CF4E@PUEXCBJ0.nanterre.francetelecom.fr>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="7PAM/4G1BR2SfWzg"
Content-Disposition: inline
In-Reply-To: <EB0526E758E4764B9B5186295C5790C901A7CF4E@PUEXCBJ0.nanterre.francetelecom.fr>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: FreeBSD Current <freebsd-current@freebsd.org>
Subject: Re: [BSD6] SSH Restriction
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Aug 2008 12:10:05 -0000


--7PAM/4G1BR2SfWzg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello Karim,

* karim.bourenane@orange-ftgroup.com <karim.bourenane@orange-ftgroup.com> w=
rote:
> I have one question. How i can restrict ( limit ) 1 user to have for
> exemple 5 ssh connection in simutanous time, no more ?

It's quite funny you ask this question, because I've been working on
this last week.

The new TTY code, which I'll commit next week, adds a new rlimit to the
kernel called RLIMIT_NPTS. This rlimit allows you to limit the number of
pseudo-terminals allocated by a single user. This means you can limit
the number of login sessions by tuning the "pseudoterminals" field in
/etc/login.conf.

This seems to work with tools like screen(1), xterm(1), etc.
Unfortunately I didn't get it working with OpenSSH, because OpenSSH
allocates terminals while been root. I've already contacted the OpenSSH
folks about this, but I haven't got any response (yet).

--=20
 Ed Schouten <ed@80386.nl>
 WWW: http://80386.nl/

--7PAM/4G1BR2SfWzg
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAkiS/RwACgkQ52SDGA2eCwUvlgCfY9Mzbm+tIIurJn+vbYP4bMhX
cqYAn1Csde84fjO5A5fcBn3m7kWFWQX0
=wmKU
-----END PGP SIGNATURE-----

--7PAM/4G1BR2SfWzg--