Date: Fri, 1 Aug 2008 14:36:07 +0200 From: <karim.bourenane@orange-ftgroup.com> To: "Kostik Belousov" <kostikbel@gmail.com>, "Ed Schouten" <ed@80386.nl> Cc: FreeBSD Current <freebsd-current@freebsd.org> Subject: RE: [BSD6] SSH Restriction Message-ID: <EB0526E758E4764B9B5186295C5790C901A7D094@PUEXCBJ0.nanterre.francetelecom.fr> In-Reply-To: <20080801122640.GH97161@deviant.kiev.zoral.com.ua> References: <EB0526E758E4764B9B5186295C5790C901A7CF4E@PUEXCBJ0.nanterre.francetelecom.fr> <20080801121004.GO99951@hoeg.nl> <20080801122640.GH97161@deviant.kiev.zoral.com.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
For exactly description=2E=20
We have one user (robot) connect on server with ssh command and telnet=
argment to access on some router=2E
The connection is not closed and cleaned properly=2E Also the CPU increases=
dangerously=2E
Regards
Karim Bourenane
112 Av=2E Charles de Gaules
92520 Neuilly S/Seine
Phone: +33156 76 35 52
Fax: +33156 76 35 04
http://www=2Eequant=2Ecom
-----Original Message-----
From: Kostik Belousov [mailto:kostikbel@gmail=2Ecom]=20
Sent: vendredi 1 ao=FBt 2008 14:27
To: Ed Schouten
Cc: BOURENANE Karim SCE/IBNF; FreeBSD Current
Subject: Re: [BSD6] SSH Restriction
On Fri, Aug 01, 2008 at 02:10:04PM +0200, Ed Schouten wrote:
> Hello Karim,
>=20
> * karim=2Ebourenane@orange-ftgroup=2Ecom <karim=
=2Ebourenane@orange-ftgroup=2Ecom> wrote:
> > I have one question=2E How i can restrict ( limit ) 1 user to have for=
=20
> > exemple 5 ssh connection in simutanous time, no more ?
>=20
> It's quite funny you ask this question, because I've been working on=20
> this last week=2E
>=20
> The new TTY code, which I'll commit next week, adds a new rlimit to=20
> the kernel called RLIMIT_NPTS=2E This rlimit allows you to limit the=20
> number of pseudo-terminals allocated by a single user=2E This means you=20
> can limit the number of login sessions by tuning the "pseudoterminals"=20
> field in /etc/login=2Econf=2E
>=20
> This seems to work with tools like screen(1), xterm(1), etc=2E
> Unfortunately I didn't get it working with OpenSSH, because OpenSSH=20
> allocates terminals while been root=2E I've already contacted the=20
> OpenSSH folks about this, but I haven't got any response (yet)=2E
Limit on the allocation of the ptys is useful=2E Trying to use it to top=
the number of the "sessions" may be not=2E There is a -T option for the=
ssh(1)=2E
Without clear description of why the restriction is imposed, the question=
probably cannot be answered=2E
*********************************
This message and any attachments (the "message") are confidential and=
intended solely for the addressees=2E=20
Any unauthorised use or dissemination is prohibited=2E
Messages are susceptible to alteration=2E=20
France Telecom Group shall not be liable for the message if altered,=
changed or falsified=2E
If you are not the intended addressee of this message, please cancel it=
immediately and inform the sender=2E
********************************
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EB0526E758E4764B9B5186295C5790C901A7D094>