Linux – How to limit concurrent session on a per user basis for ssh

linuxsshUbuntu

I am trying to prevent my ssh users from having more than one session open at once, my system is Ubuntu 11.10.

I thought the setting was in /etc/security/limits.conf where I set the following:

betatest hard maxlogins 1

However, this has no effect and I can log in multiple times using user account name betatest from different machines.

The sshd_config is using PAM and the login and sshd configs in /etc/pam.d both have the setting:

session    required   pam_limits.so

If anyone knows how I can restrict the concurrent sessions on a per user basis I would really appreciate the help.

Best Answer

It appears to me, from the MAN page for pam_limits (at least on rhel/centos), that adding a maxlogins parameter for the desired user(s) would do the trick... but I haven't tested it:

NAME
       pam_limits - PAM module to limit resources

SYNOPSIS
       pam_limits.so [change_uid] [conf=/path/to/limits.conf] [debug] [utmp_early] [noaudit]

DESCRIPTION
       The pam_limits PAM module sets limits on the system resources that can be obtained in a user-session. Users of uid=0 are affected by this limits, too.

       By default limits are taken from the /etc/security/limits.conf config file. Then individual *.conf files from the /etc/security/limits.d/ directory are read.

Related Solutions

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Linux – Getting MongoDB to use max open file descriptors in /etc/security/limits.conf

So it seems MongoDB 1.6.5 doesn't work with the limit nofile line. You need to put ulimit -n X (where X is the file descriptors you want) just after the script keyword.

    script
        ulimit -n 60000
        PORT=27027
...

I guess the method using the pre-start block is for later versions of MongoDB.

Also for note, MongoDB has a hard limit of 20,000 connections, so it doesn't matter if you set file descriptors higher than that.

Another thing learned: starting and stopping using upstart scripts is not the same as REstarting. Starting and stopping threw errors on the limit nofile command, whereas restarting did not.

Best Answer

Related Solutions

Ssh – How to automate SSH login with password

Linux – Getting MongoDB to use max open file descriptors in /etc/security/limits.conf

Related Topic