Date: Fri, 1 Aug 2008 14:36:07 +0200
From: karim.bourenane@orange-ftgroup.com
To: "Kostik Belousov", "Ed Schouten"
Cc: FreeBSD Current
Subject: RE: [BSD6] SSH Restriction
In-Reply-To: <20080801122640.GH97161@deviant.kiev.zoral.com.ua>
References: <20080801121004.GO99951@hoeg.nl> <20080801122640.GH97161@deviant.kiev.zoral.com.ua>

For an exact description:

We have one user (a robot) that connects to the server with the ssh command and a telnet argument to access some router.
The connection is not closed and cleaned up properly. Also, the CPU increases dangerously.

Regards

Karim Bourenane
112 Av. Charles de Gaules
92520 Neuilly S/Seine
Phone: +33156 76 35 52
Fax: +33156 76 35 04
http://www.equant.com

-----Original Message-----
From: Kostik Belousov [mailto:kostikbel@gmail.com]
Sent: vendredi 1 août 2008 14:27
To: Ed Schouten
Cc: BOURENANE Karim SCE/IBNF; FreeBSD Current
Subject: Re: [BSD6] SSH Restriction

On Fri, Aug 01, 2008 at 02:10:04PM +0200, Ed Schouten wrote:
> Hello Karim,
>
> * karim.bourenane@orange-ftgroup.com wrote:
> > I have one question. How can I restrict (limit) 1 user to have, for
> > example, 5 ssh connections at the same time, no more?
>
> It's quite funny you ask this question, because I've been working on
> this last week.
>
> The new TTY code, which I'll commit next week, adds a new rlimit to
> the kernel called RLIMIT_NPTS. This rlimit allows you to limit the
> number of pseudo-terminals allocated by a single user. This means you
> can limit the number of login sessions by tuning the "pseudoterminals"
> field in /etc/login.conf.
>
> This seems to work with tools like screen(1), xterm(1), etc.
> Unfortunately I didn't get it working with OpenSSH, because OpenSSH
> allocates terminals while being root. I've already contacted the
> OpenSSH folks about this, but I haven't got any response (yet).

Limit on the allocation of the ptys is useful. Trying to use it to top the number of the "sessions" may not be. There is a -T option for the ssh(1).

Without clear description of why the restriction is imposed, the question probably cannot be answered.
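The gap between counting ptys and counting sessions that the reply raises with `ssh -T`, as an added example that is not part of the original thread: a monitoring sketch that counts per-user OpenSSH sessions from process titles and reports pty-backed and pty-less ones separately. It assumes OpenSSH's usual `sshd: user@tty` / `sshd: user@notty` process titles; the user names and `ps` lines are constructed sample data.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Counts OpenSSH sessions per user from process titles, so sessions started
# without a pty (ssh -T, or ssh host command) are counted too.

# Constructed sample in the shape of `ps -axo user,command` output.
sample_ps() {
cat <<'EOF'
root     /usr/sbin/sshd
root     sshd: robot [priv]
robot    sshd: robot@pts/0
robot    -sh
root     sshd: robot [priv]
robot    sshd: robot@pts/1
root     sshd: robot [priv]
robot    sshd: robot@notty
robot    telnet router-a
root     sshd: robot [priv]
robot    sshd: robot@notty
root     sshd: robot [priv]
robot    sshd: robot@notty
root     sshd: robot [priv]
robot    sshd: robot@notty
root     sshd: alice [priv]
alice    sshd: alice@pts/2
EOF
}

# count_sessions LIMIT
# Reads ps lines on stdin; prints one line per user:
#   user total=N pty=N notty=N OVER|ok
count_sessions() {
    awk -v limit="$1" '
        # Session processes are titled "sshd: user@tty"; the "[priv]"
        # monitor lines have no "@" in the third field and are skipped.
        $2 == "sshd:" && $3 ~ /@/ {
            split($3, part, "@")
            user = part[1]
            total[user]++
            if (part[2] == "notty") notty[user]++; else pty[user]++
        }
        END {
            for (u in total)
                printf "%s total=%d pty=%d notty=%d %s\n",
                    u, total[u], pty[u], notty[u],
                    (total[u] > limit ? "OVER" : "ok")
        }' | sort
}

# Stand-alone run against the constructed sample with a limit of 5 sessions.
sample_ps | count_sessions 5
```

In the sample, the robot account holds only two ptys, so a pty limit of 5 would not trigger, while its total session count is 6.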