Sshd_config limit / disable multiplexing

multiplexingssh

Background:

ssh (client) allows the re-use of active connections via multiplexing ControlPaths …

Host *
ControlMaster auto
ControlPath /home/username/.ssh/%r@%h:%p

the TL;DR is the first connection will authenticate like any other, subsequent connections will use the controlpath and not perform any additional authentication.

Now my question; is it possible to limit the use of such connections server side ? in the sshd_config.

MaxSessions does not work despite setting to 1 I can connect to a host as many additional times as wanted via the same original connection.

Setting to 0 of course just disabled remote logins entirely.

Best Answer

Now my question; is it possible to limit the use of such connections server side ? in the sshd_config.

Yes, the MaxSessions does exactly what you are describing, if you are not using buggy server. Disables multiplexing sessions.

MaxSessions does not work despite setting to 1 I can connect to a host as many additional times as wanted via the same original connection

If you would open more sessions, you need to open more connections. But this is not what you are asking in the title of question. but anyway, as described in Unix, you can use /etc/security/limits.conf:

 foo-user           -       maxlogins       1

As I spend more time with your question, I can think that you have back in your head option ControlPersist, which allows to open and close the one session during the one connection (but you probably forgot to mention it). If this is your concern, there is no way to forbid it with pure ssh. You would need probably some ForceCommand script to handle it for you.

Best Answer

Related Solutions

Ssh – make ssh tell me which control file it would use for multiplexing

Linux – ny way to use session multiplexing (Control Master) from windows

Related Topic