LinuxQuestions.org
Old 11-09-2010, 03:47 AM   #1
kirankumarburgu
LQ Newbie
 
Registered: Jan 2009
Posts: 3

Rep: Reputation: 0
how to restrict number of sftp connections.


Hi all,

I want a user not to have more than 20 sftp connections to a server.
Is there any way we can limit the number of connections for a particular user on the server using ssh configuration?

Thanks & Regards,
Kiran
 
Old 11-09-2010, 10:21 AM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
From the sshd_config(5) manpages:
Quote:
MaxSessions
Specifies the maximum number of open sessions permitted per network connection. The default is 10.
This will only help if the user is opening multiple connections from the same IP.
 
Old 11-09-2010, 11:05 PM   #3
kirankumarburgu
LQ Newbie
 
Registered: Jan 2009
Posts: 3

Original Poster
Rep: Reputation: 0
I am getting the below error if I try the MaxSessions option.
Any idea why ssh is failing to start?

[root@zin50lte-build ~]# ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
[root@zin50lte-build ~]#
[root@zin50lte-build ~]# /etc/init.d/sshd start
Starting sshd:/etc/ssh/sshd_config: line 105: Bad configuration option: MaxSessions
/etc/ssh/sshd_config: terminating, 1 bad configuration options
[FAILED]
Thanks,
Kiran
 
Old 11-09-2010, 11:25 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by kirankumarburgu
I am getting the below error if I try the MaxSessions option.
Any idea why ssh is failing to start?

[root@zin50lte-build ~]# ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
[root@zin50lte-build ~]#
[root@zin50lte-build ~]# /etc/init.d/sshd start
Starting sshd:/etc/ssh/sshd_config: line 105: Bad configuration option: MaxSessions
/etc/ssh/sshd_config: terminating, 1 bad configuration options
[FAILED]
Thanks,
Kiran
The changelog in the OpenSSH 5.1 release notes contains this entry:
Quote:
* Added a MaxSessions option to sshd_config(5) to allow control of the
number of multiplexed sessions supported over a single TCP connection.
This allows increasing the number of allowed sessions above the
previous default of 10, disabling connection multiplexing
(MaxSessions=1) or disallowing login/shell/subsystem sessions
entirely (MaxSessions=0).
...so it sounds like your version simply doesn't come with that option.

That said, have you considered using iptables to limit the number of connections which can be started from the same IP? You could do it with the connlimit match using something like (example):
Code:
iptables -I INPUT -p TCP --dport 22 --syn -m connlimit --connlimit-above 20 -j REJECT
...but yeah, this doesn't let you limit per user (only per client IP).

Last edited by win32sux; 11-09-2010 at 11:33 PM.
 
1 members found this post helpful.
Old 11-09-2010, 11:33 PM   #5
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: RHEL/Ubuntu/Debian/Fedora/Centos/K3OS
Posts: 1,159
Blog Entries: 4

Rep: Reputation: 149
You can write a custom wrapper script which checks the connections and their number on the SSH port: if the max number is reached, print some banner (connection refused: max number reached); if not, print some welcome banner.
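A sketch of the wrapper-script check suggested above, added here as an example and not code from any poster in this thread. It counts sessions per user rather than per client IP (which is what the iptables connlimit rule sees); the `ps` sample is constructed, the function names are hypothetical, and the `sshd: USER@TTY` process title is an assumption about a privilege-separated sshd.

```shell
#!/bin/sh
# Constructed sample of `ps -eo user,args` output (not from the thread).
# Assumption: privilege-separated sshd titles each session's unprivileged
# child "sshd: USER@TTY" (TTY is "notty" for sftp) and runs it as USER.
SAMPLE_PS='root     sshd: kiran [priv]
kiran    sshd: kiran@notty
kiran    /usr/libexec/openssh/sftp-server
root     sshd: kiran [priv]
kiran    sshd: kiran@pts/0
root     sshd: build [priv]
build    sshd: build@notty'

# Count the live SSH/SFTP sessions of user $1 in ps-style lines read on stdin.
# The root-owned "[priv]" monitor and the sftp-server child are not counted,
# so each session is counted exactly once.
count_user_sessions() {
    awk -v u="$1" '
        $1 == u && $2 == "sshd:" && index($3, u "@") == 1 { n++ }
        END { print n + 0 }'
}

# Succeed (exit 0) while user $1 has fewer than $2 sessions in the ps-style
# lines read on stdin; otherwise print the refusal banner and fail.
session_allowed() {
    current=$(count_user_sessions "$1")
    if [ "$current" -ge "$2" ]; then
        echo "connection refused: max number reached ($current/$2)"
        return 1
    fi
    echo "welcome ($current/$2 sessions in use)"
}

# Live use on a server (assumed invocation; the user name is a placeholder):
#   ps -eo user,args | session_allowed kiran 20 || exit 1
printf '%s\n' "$SAMPLE_PS" | session_allowed kiran 20
```

The count and the decision are two separate steps, so several logins arriving at the same moment can each see a count below the limit; treat the limit as approximate.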
 
Old 11-10-2010, 10:12 AM   #6
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by kirankumarburgu
I am getting the below error if I try the MaxSessions option.
Any idea why ssh is failing to start?
My fault - I should have asked your OpenSSH version. (In my defense, please include your distro / version when you start a thread next time.)
 
  

