Step 1: Login

Posted 08-20-2012 at 01:59 PM by kbscores

So this weekend I was doing some research on limiting remote logins. There are so many ways to log in to a system that the easiest approach is to block everything and then allow only the essential protocols through. The most common way to access a Linux system remotely is SSH.
I always thought that getty was used in conjunction with SSH for logging into a system, but it is not. Silly me. Here is how it actually works: init starts things off, and if everything looks good, init spawns a getty process for each available terminal or serial connection.
Note: If init is killed, getty dies with it. Poor getty.
Upon login, getty grabs the username and password and passes that information to login. If the username and password are correct, login runs the specified shell. Once the shell terminates, init spawns another getty instance for that terminal.
Note: The kernel has no knowledge of logins; they are handled entirely by system programs.
OK, so what about SSH?
SSH handles logins itself and manages its own set of data, stored in the .ssh directory within the user's home directory. For example, when you log into machineA from machineB, a record is created on machineB noting that machineA is a known host. So when you log into machineA from machineB again, ssh knows it is a trusted machine. Any new hosts are automatically added to that user's file. If a host's identification information changes, ssh warns the user, to prevent unauthorized access to that machine.
Note: If you are warned and the machine really was changed rather than hijacked, all that is required is to remove the entry for that host from ~/.ssh/known_hosts.
Upon a successful login, either a pre-specified command is run or the user is logged into that computer over an encrypted connection. Once logged in, the user is given what is called a pseudo terminal; however, a pseudo terminal is not always necessary.
The session terminates when the command finishes or the shell exits.
So how do you limit SSH connections?
As far as I can tell, pam_limits will allow connections to be capped on a person-by-person basis. This means user Susie can have only x logins to the server, where x is the number of logins that has been set. So how do you accomplish this?
Add this line to /etc/pam.d/sshd:

    session required pam_limits.so

Next, change UsePAM to yes in /etc/ssh/sshd_config.
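The two edits above only take effect together, and the cap x itself has to be set somewhere as well: pam_limits reads it as a maxlogins entry in /etc/security/limits.conf (that file location is an assumption about a standard PAM install, not something the post states). The script below is an added example, not part of the original post; it audits all three pieces so you can see at a glance whether a host really enforces a per-user SSH login cap. File paths are passed as arguments so it can be run against copies or the constructed sample files it builds for itself, without root.

```shell
#!/bin/sh
# Added example (not from the original post): audit whether an sshd host
# enforces a per-user login cap via pam_limits. Three things must all hold:
#   1. the PAM stack for sshd loads pam_limits.so in a "session" line
#   2. sshd_config sets UsePAM yes (otherwise sshd never runs PAM sessions)
#   3. limits.conf (assumed at /etc/security/limits.conf) sets maxlogins
# Returns 0 when all three are in place, 1 otherwise, and prints findings.

audit_ssh_login_cap() {
    pam_file="$1"; sshd_conf="$2"; limits_conf="$3"
    ok=0
    # pam_limits must be an active (not commented-out) session line
    if grep -Eq '^[[:space:]]*session[[:space:]]+(required|requisite)[[:space:]]+pam_limits\.so' "$pam_file"; then
        echo "ok:      $pam_file loads pam_limits.so"
    else
        echo "MISSING: $pam_file has no 'session required pam_limits.so'"; ok=1
    fi
    # sshd keywords are case-insensitive, hence -i
    if grep -Eiq '^[[:space:]]*UsePAM[[:space:]]+yes' "$sshd_conf"; then
        echo "ok:      $sshd_conf sets UsePAM yes"
    else
        echo "MISSING: $sshd_conf does not set UsePAM yes"; ok=1
    fi
    # limits.conf rows are: <domain> <soft|hard|-> <item> <value>
    if grep -Eq '^[[:space:]]*[^#[:space:]]+[[:space:]]+(soft|hard|-)[[:space:]]+maxlogins[[:space:]]+[0-9]+' "$limits_conf"; then
        echo "ok:      $limits_conf sets a maxlogins cap"
    else
        echo "MISSING: $limits_conf sets no maxlogins limit"; ok=1
    fi
    return $ok
}

# Convenience wrapper for a directory holding copies of the three files.
check_dir() { audit_ssh_login_cap "$1/sshd" "$1/sshd_config" "$1/limits.conf"; }

# Constructed sample files (not real system files) so the audit runs offline.
# "$2" is "capped" for a correctly configured host, "open" for an unconfigured one.
make_sample() {
    mkdir -p "$1"
    if [ "$2" = capped ]; then
        printf 'auth       required pam_unix.so\nsession    required pam_limits.so\n' > "$1/sshd"
        printf 'Port 22\nUsePAM yes\n' > "$1/sshd_config"
        printf '# domain type item value\nsusie hard maxlogins 2\n' > "$1/limits.conf"
    else
        printf 'auth       required pam_unix.so\n# session required pam_limits.so\n' > "$1/sshd"
        printf 'Port 22\nUsePAM no\n' > "$1/sshd_config"
        printf '# domain type item value\n# susie hard maxlogins 2\n' > "$1/limits.conf"
    fi
}

# Stand-alone run: build both constructed samples in a temp dir and audit each.
tmp=$(mktemp -d)
make_sample "$tmp/capped" capped; make_sample "$tmp/open" open
echo "== capped sample =="; check_dir "$tmp/capped" || echo "(audit failed)"
echo "== open sample ==";   check_dir "$tmp/open"   || echo "(audit failed, as expected)"
rm -rf "$tmp"
```

To audit a live host, call `audit_ssh_login_cap /etc/pam.d/sshd /etc/ssh/sshd_config /etc/security/limits.conf` as root; a commented-out pam_limits line, the common way this silently stops working after a package upgrade, is reported as missing.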
So what about the total number of simultaneous connections? Can those be limited?
Yes, by limiting iptables connections to port 22.
Here is the command to use:

    [root] # iptables -I INPUT -p tcp --dport 22 --syn -m connlimit --connlimit-above 9 -j REJECT
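One caveat worth knowing before relying on that rule: connlimit counts connections per source address by default (its default --connlimit-mask is 32 for IPv4), so "--connlimit-above 9" caps each client at 9 SSH connections rather than the server at 9 in total; a true global cap needs --connlimit-mask 0 so every source falls into one bucket. The script below is an added example, not from the original post. It prints both rule forms and reproduces connlimit's per-source counting over a constructed snapshot of established port-22 sessions laid out like `ss -tn state established` output (Recv-Q, Send-Q, Local Address:Port, Peer Address:Port), so you can check which form matches what you actually intend to enforce. The addresses and port numbers are constructed documentation-range values.

```shell
#!/bin/sh
# Added example (not from the original post): per-source vs. global SSH
# connection caps with iptables connlimit, plus a counter that mirrors how
# connlimit buckets established sessions so a limit can be sanity-checked
# against a snapshot of `ss -tn state established '( sport = :22 )'`.

# Per-source cap: what the post's command does once the dashes are restored.
ssh_connlimit_rule_per_source() {
    echo "iptables -I INPUT -p tcp --dport 22 --syn -m connlimit --connlimit-above $1 -j REJECT"
}
# Global cap: mask 0 puts every source address into a single bucket.
ssh_connlimit_rule_total() {
    echo "iptables -I INPUT -p tcp --dport 22 --syn -m connlimit --connlimit-above $1 --connlimit-mask 0 -j REJECT"
}

# Sessions per peer address (stdin = ss output, header line skipped).
# The trailing :port is stripped, which also copes with [ipv6]:port forms.
count_per_source() {
    awk 'NR > 1 { p = $4; sub(/:[0-9]+$/, "", p); n[p]++ }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}
# Total established sessions, i.e. what a mask-0 rule would compare against.
total_connections() { awk 'NR > 1 { c++ } END { print c + 0 }'; }
# Peers exceeding the per-source cap given as $1 (what the mask-32 rule stops).
sources_over() { count_per_source | awk -v cap="$1" '$1 > cap { print $2 }'; }

# Constructed snapshot: 14 sessions to :22 from three clients (10 + 3 + 1).
make_sample_ss() {
    echo 'Recv-Q Send-Q Local Address:Port Peer Address:Port'
    i=0
    while [ "$i" -lt 10 ]; do
        echo "0 0 192.0.2.10:22 198.51.100.7:$((50000 + i))"; i=$((i + 1))
    done
    for p in 41000 41001 41002; do echo "0 0 192.0.2.10:22 203.0.113.5:$p"; done
    echo "0 0 192.0.2.10:22 198.51.100.8:42000"
}

# Stand-alone run: show both rule forms, then count the constructed snapshot.
ssh_connlimit_rule_per_source 9
ssh_connlimit_rule_total 9
echo "total established SSH sessions: $(make_sample_ss | total_connections)"
echo "sessions per source:"; make_sample_ss | count_per_source
echo "sources above the per-source cap of 9:"; make_sample_ss | sources_over 9
```

On the snapshot, the per-source rule would start rejecting new SYNs only from 198.51.100.7 (already at 10), while the other two clients stay unaffected; the mask-0 rule would reject every new SSH connection once the total of 14 exceeds 9. Pick the form that matches the threat you are limiting: per-source for a single noisy client, global for protecting the host's overall session count.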

So with that I think I am going to work on a guide for iptables.