LinuxQuestions.org


kirankumarburgu 11-09-2010 03:47 AM

how to restrict number of sftp connections.
 
Hi all,

If I want that a user shouldn't have more than 20 sftp connections to a server,
is there any way we can limit the no. of connections for a particular user on the server using the ssh configuration?

Thanks & Regards,
Kiran

anomie 11-09-2010 10:21 AM

From the sshd_config(5) manpages:
Quote:

MaxSessions
Specifies the maximum number of open sessions permitted per network connection. The default is 10.
This will only help if the user is opening multiple connections from the same IP.

kirankumarburgu 11-09-2010 11:05 PM

I am getting the error below if I try with the MaxSessions option.
Any idea why ssh is failing to start?

[root@zin50lte-build ~]# ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
[root@zin50lte-build ~]#
[root@zin50lte-build ~]# /etc/init.d/sshd start
Starting sshd:/etc/ssh/sshd_config: line 105: Bad configuration option: MaxSessions
/etc/ssh/sshd_config: terminating, 1 bad configuration options
[FAILED]
Thanks,
Kiran

win32sux 11-09-2010 11:25 PM

Quote:

Originally Posted by kirankumarburgu (Post 4154340)
I am getting the error below if I try with the MaxSessions option.
Any idea why ssh is failing to start?

[root@zin50lte-build ~]# ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
[root@zin50lte-build ~]#
[root@zin50lte-build ~]# /etc/init.d/sshd start
Starting sshd:/etc/ssh/sshd_config: line 105: Bad configuration option: MaxSessions
/etc/ssh/sshd_config: terminating, 1 bad configuration options
[FAILED]
Thanks,
Kiran

The changelog in the OpenSSH 5.1 release notes contains this entry:
Quote:

* Added a MaxSessions option to sshd_config(5) to allow control of the
number of multiplexed sessions supported over a single TCP connection.
This allows increasing the number of allowed sessions above the
previous default of 10, disabling connection multiplexing
(MaxSessions=1) or disallowing login/shell/subsystem sessions
entirely (MaxSessions=0).
...so it sounds like your version simply doesn't come with that option.

That said, have you considered using iptables to limit the number of connections which can be started from the same IP? You could do it with the connlimit match using something like (example):
Code:

iptables -I INPUT -p TCP --dport 22 --syn -m connlimit --connlimit-above 20 -j REJECT
...but yeah, this doesn't let you limit per user (only per client IP).

prayag_pjs 11-09-2010 11:33 PM

You can write a custom wrapper script which checks the connections and their number on the SSH port; if the max number is reached, print some banner (connection refused: max number reached), if not, print some welcome banner.
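
The wrapper idea from the post above, sketched as an added example (not code from the thread): a script installed as the sftp subsystem that counts the calling user's running sftp-server processes, rather than connections on the SSH port, and refuses to start another once 20 are open. The install path /usr/local/bin/sftp-limit, the sftp-server path and the sample process list are assumptions.

```shell
#!/bin/sh
# Added example: per-user SFTP session cap, run as the sftp subsystem.
# Assumed sshd_config line (install path is hypothetical):
#   Subsystem sftp /usr/local/bin/sftp-limit
MAX_SESSIONS=20                               # limit asked for in the thread
SFTP_SERVER=/usr/libexec/openssh/sftp-server  # assumed path, varies by distro

# count_sessions UID: reads "uid command" lines on stdin (the format of
# `ps -eo uid=,comm=`) and prints how many sftp-server processes UID owns.
# Numeric UIDs are compared because ps can truncate long user names.
count_sessions() {
    awk -v u="$1" '$1 == u && $2 == "sftp-server" { n++ } END { print n + 0 }'
}

# allowed COUNT: succeeds while one more session still fits under the cap.
allowed() {
    [ "$1" -lt "$MAX_SESSIONS" ]
}

# Constructed process list, used only to demonstrate count_sessions offline.
sample_ps() {
    cat <<'EOF'
 1001 sftp-server
 1001 sftp-server
 1001 sshd
 1002 sftp-server
 1001 sftp-server
    0 sshd
EOF
}

main() {
    uid=$(id -u)
    n=$(ps -eo uid=,comm= | count_sessions "$uid")
    if allowed "$n"; then
        exec "$SFTP_SERVER" "$@"   # hand the channel to the real server
    fi
    # stdout carries the SFTP protocol, so refusals go to syslog, not a banner.
    logger -p auth.notice -t sftp-limit "refused uid $uid: $n sessions open"
    exit 1
}

# Enforce only when installed under the subsystem name; otherwise run the demo.
case "${0##*/}" in
    sftp-limit) main "$@" ;;
    *) echo "sample: uid 1001 has $(sample_ps | count_sessions 1001) sessions" ;;
esac
```

The count and the exec are not atomic, so logins arriving at the same instant can slip slightly past the cap. Sessions that do not go through the sftp subsystem (scp, an interactive shell) are not counted.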

anomie 11-10-2010 10:12 AM

Quote:

Originally Posted by kirankumarburgu
I am getting the error below if I try with the MaxSessions option.
Any idea why ssh is failing to start?

My fault - I should have asked your OpenSSH version. (In my defense, please include your distro / version when you start a thread next time.)


All times are GMT -5.