how to prevent same user ssh to the multiple server
Thank you for the reply, but is this MaxSessions applicable for 1 single server? I need it to cross-check between servers, so if User A is logged in to Server 1 they can't log in to Server 2.
There's no (built-in) way I know of; why would you want this anyway?
I am trying to prevent the same user from logging in to multiple servers at one time. Has anyone come across this problem? Is there any way we can make the server check across servers before allowing the user to log in?
I haven't heard of a function like that being built in. In my opinion a minimum requirement in order to have something like this available is to have a centralized authentication system like LDAP. Or you can write a script that checks logged in users on other servers before allowing login, but I imagine that would be quite an undertaking. As asked by chrism01, why would you want this feature? What's the need for it?
I need some help on how to prevent the same user from ssh-ing to multiple Linux servers at the same time. Does any of you have a script, or know how to do that?
Really appreciate it !
Thanks and best regards.
Steve
Hi,
I have a workaround for this. I am not sure whether this is the best way, but yes, it works pretty well. I tested this in RHEL 5.0.
For this, I have made a file /tmp/users in which I have entries of the users for which I need to check,
and /tmp/check_ssh.sh, which is my script.
You just need to run this script in the background as
Code:
(bash /tmp/check_ssh.sh &> /dev/null) &
and put usernames of the users in /tmp/users
My files...
Code:
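[root@server ~]# cat /tmp/check_ssh.sh
#!/bin/bash
# Poll forever: while a listed user has an ssh client process running on this
# machine, deny that user access to /usr/bin/ssh with an ACL entry.
while true
do
    # /tmp/users holds one username per line
    for user in $(cat /tmp/users)
    do
        if top -u "$user" -bn1 | grep -qw ssh
        then
            # ssh is already running for this user: block further use
            setfacl -m "u:$user:000" /usr/bin/ssh
        else
            # no ssh process: remove the user's ACL entry again
            setfacl -x "u:$user" /usr/bin/ssh
        fi
    done
done
[root@server ~]# cat /tmp/users (Here a,b,c are the users)
a
b
c
[root@server ~]#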
Now, whenever a user initiates a second ssh session, he gets the below error.
Just test this, and tell me if you face any issues.
Sweet, I am going to test this out. May I know how to make this applicable for multiple-server checking? Let's say I have servers A, B and C; how can I make it only allow a user to log in to any one server at a point in time?
I have done this only: if a user logs in to server A, he would not be able to log in to server B or C until he logs out from server A.
I have tested this code on my machine. Waiting for your response.
I am sorry, I think I didn't make myself clear enough. Your script is good to prevent a user from ssh-ing to Server B inside Server A.
What I am actually looking for is to stop a user from opening a new ssh session to connect to any other servers if they are already connected to any one.
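The cross-server check suggested earlier in the thread (look for the user's session on the other servers before allowing the login), as an added example that is not part of any post. It assumes a directory mounted on every server, a login hook run as root such as pam_exec (which exports PAM_USER and PAM_TYPE), and that a non-zero exit from the hook refuses the login; LOCK_DIR, USER_LIST and session_hook are hypothetical names.

```shell
#!/bin/bash
# Added example (not from the thread): allow a listed user one SSH session
# across all servers by taking a per-user lock on storage every server mounts.
# Assumed wiring: a root login hook on each server, e.g. pam_exec in sshd's
# session stack, with PAM_TYPE set to open_session or close_session.

LOCK_DIR="${LOCK_DIR:-/shared/ssh-locks}"          # hypothetical shared mount
USER_LIST="${USER_LIST:-/etc/single_login_users}"  # hypothetical, one name per line

# session_hook USER TYPE HOST  ->  0 = allow, 1 = refuse
session_hook() {
    local user type host lock owner
    user=$1; type=$2; host=$3

    # Users not on the list are never restricted.
    grep -qxF -- "$user" "$USER_LIST" 2>/dev/null || return 0
    # Refuse names that could point outside LOCK_DIR.
    case $user in ''|.*|*/*) return 1 ;; esac
    lock="$LOCK_DIR/$user"

    case $type in
    open_session)
        # mkdir either creates the lock or fails, so only one server wins.
        if mkdir -- "$lock" 2>/dev/null; then
            printf '%s\n' "$host" > "$lock/host"
            return 0
        fi
        owner=$(cat -- "$lock/host" 2>/dev/null) || true
        echo "$user already has a session on ${owner:-another server}" >&2
        return 1
        ;;
    close_session)
        # Release only a lock that this server took.
        owner=$(cat -- "$lock/host" 2>/dev/null) || true
        if [ "$owner" = "$host" ]; then rm -rf -- "$lock"; fi
        return 0
        ;;
    esac
    return 0
}

# When called by the hook, PAM_USER is set; otherwise only define the function.
if [ -n "${PAM_USER:-}" ]; then
    session_hook "$PAM_USER" "${PAM_TYPE:-}" "$(hostname)"
fi
```

A server that crashes leaves its lock behind, so stale entries under LOCK_DIR need an administrator or a timeout to clear them.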