Hello,
I need to have a linux account witch have access only to tcp forwarding (tunneling), no shell access and concurently just 1 login per account.
I tried to create accounts with nologin shell and set the limit of concurrent connections * hard maxlogins 1 in /etc/security/limits.conf . If i create a nologin account and check the "Don't start a shell or a command at all" in putty, the port forwarding works, the account don't have access to shell, but I can open more than one session. The problem is the condition in /etc/security/limits.conf works only if a shell opens. It doesn't works for nologin with "Don't start a shell or a command at all" checked in putty. So i tried to create a simple shell witch only says "welcome". The port forwarding works, i cannot login multiple times with an account and i don't have shell access, but if my clients checks the "Don't start a shell or a command at all" in putty they can login many times concurently and forward ports.Is there a way to force terminal open, so the "dont start.." option stop working? Or to make the port forwarding work only after shell starts?
I need a solution for the problem.
Please help

I think you have to play with pam settings and add at login or sshd the option

session required pam_limits.so

In rest Im not sure you can do other settings which could help.

i tried now to add that line to login restarted the sshd service but i'm still able to open more than one sessions with that option checked in putty