LinuxQuestions.org


alexxxutz 03-20-2009 05:13 AM

Concurrent nologin access to ssh
 
Hello,
I need to have a Linux account which has access only to TCP forwarding (tunneling), no shell access, and concurrently just 1 login per account.
I tried to create accounts with a nologin shell and set the limit of concurrent connections, * hard maxlogins 1, in /etc/security/limits.conf. If I create a nologin account and check "Don't start a shell or a command at all" in PuTTY, the port forwarding works and the account doesn't have access to a shell, but I can open more than one session. The problem is that the condition in /etc/security/limits.conf works only if a shell opens. It doesn't work for nologin with "Don't start a shell or a command at all" checked in PuTTY. So I tried to create a simple shell which only says "welcome". The port forwarding works, I cannot log in multiple times with an account and I don't have shell access, but if my clients check "Don't start a shell or a command at all" in PuTTY they can log in many times concurrently and forward ports. Is there a way to force a terminal to open, so the "Don't start..." option stops working? Or to make the port forwarding work only after the shell starts?
I need a solution for the problem.
Please help

robertjinx 03-20-2009 05:18 AM

I think you have to play with the PAM settings and add this option to login or sshd:

session required pam_limits.so

Beyond that, I'm not sure there are other settings you can change which could help.

alexxxutz 03-20-2009 06:39 AM

still not working
 
I tried adding that line to login and restarted the sshd service, but I'm still able to open more than one session with that option checked in PuTTY :(
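Since the thread reports that maxlogins is not applied to forwarding-only connections, an administrator can at least detect accounts holding more than one SSH connection. The following is an added example, not part of any post above. It assumes sshd runs with privilege separation and titles each connection's monitor process "sshd: USER [priv]"; the account names and PIDs in the sample are constructed.

```sh
#!/bin/sh
# Constructed sample of `ps -eo pid=,args=` output (not taken from the thread).
# tunnel1 holds two forwarding-only connections, tunnel2 one, admin one shell.
sample_ps() {
cat <<'EOF'
  812 /usr/sbin/sshd -D
 2301 sshd: tunnel1 [priv]
 2303 sshd: tunnel1
 2410 sshd: tunnel1 [priv]
 2412 sshd: tunnel1
 2555 sshd: tunnel2 [priv]
 2557 sshd: tunnel2
 2600 sshd: admin [priv]
 2602 sshd: admin@pts/0
EOF
}

# Read ps output on stdin and print "USER COUNT PIDS" for every account
# with more than LIMIT connections (first argument, default 1).
# Each connection is counted once, by its privileged monitor process
# (assumption: the title format is "sshd: USER [priv]"). This does not
# depend on a shell or terminal having been started for the connection.
over_limit() {
    awk -v limit="${1:-1}" '
        $2 == "sshd:" && $4 == "[priv]" {
            n[$3]++
            p[$3] = (p[$3] == "" ? $1 : p[$3] "," $1)
        }
        END {
            for (u in n)
                if (n[u] > limit)
                    print u, n[u], p[u]
        }
    ' | sort
}

# On a live system: ps -eo pid=,args= | over_limit 1
```

The PIDs listed are the monitor processes of the offending connections, so the report can be fed to whatever review or alerting the administrator already uses.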

