Mailing List Archive

Limit concurrent SSH sessions
Hi,

For one of my application, for accepting the ssh connection on different
namespaces, I am instantiating "sshd service" on different namespaces. I am
able to create ssh connection on each namespcae but I want to put a
limitation on max concurrent ssh connection to 5 for each namespace. Is
there a way to achieve it using openssh.

Thanks & Regards
Amit
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Limit concurrent SSH sessions [ In reply to ]
On Tue, 2019-08-20 at 14:05 +0530, Amit Prajapati wrote:
> Hi,
>
> For one of my application, for accepting the ssh connection on
> different
> namespaces, I am instantiating "sshd service" on different
> namespaces. I am
> able to create ssh connection on each namespcae but I want to put a
> limitation on max concurrent ssh connection to 5 for each namespace.
> Is
> there a way to achieve it using openssh.

I don't think there is a way to do that in the OpenSSH itself, since
each of the ssh sessions on the server is separate process without any
information about the others.

But you can simply do that using pam, for example using pam_limits
module, and maxlogins option in limits.conf.

Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Limit concurrent SSH sessions [ In reply to ]
Hi Jakub

Thanks for your reply!!

I tried following steps:
1. "UsePAM yes" is set in /etc/ssh/sshd_config file.
2. Added "session required pam_limits.so" in /etc/pam.d/sshd file.
3. Added " * hard maxlogins 5 " in /etc/security/limits.conf
file.

Still, I am not able to restrict the max session to 5. Am I missing
something?
Also I don't want to put this limit per user, I want to put the limit for
max sessions from any user to 5.

Thanks & Regards,
Amit

On Tue, Aug 20, 2019 at 3:05 PM Jakub Jelen <jjelen@redhat.com> wrote:

> On Tue, 2019-08-20 at 14:05 +0530, Amit Prajapati wrote:
> > Hi,
> >
> > For one of my application, for accepting the ssh connection on
> > different
> > namespaces, I am instantiating "sshd service" on different
> > namespaces. I am
> > able to create ssh connection on each namespcae but I want to put a
> > limitation on max concurrent ssh connection to 5 for each namespace.
> > Is
> > there a way to achieve it using openssh.
>
> I don't think there is a way to do that in the OpenSSH itself, since
> each of the ssh sessions on the server is separate process without any
> information about the others.
>
> But you can simply do that using pam, for example using pam_limits
> module, and maxlogins option in limits.conf.
>
> Regards,
> --
> Jakub Jelen
> Senior Software Engineer
> Security Technologies
> Red Hat, Inc.
>
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev