Bash script to limit the number of logins




My company has the requirement that I have one server application running, which all users access via a PuTTY terminal. I want to write a shell script so that only 20 PuTTY terminals can be open. If a 21st terminal is opened, I want to close that terminal immediately.



How can I achieve this?



Please help me.





Set the maximum number of connections allowed in ssh to 20 on the server, in the MaxSessions field
– George Udosen
Aug 29 at 10:03








If your corporation has a policy of 20 maximum sessions and the default is 10 (as the highest voted answer says), why did your company raise the number of allowable sessions > 20 in /etc/sshd_config, or is this an Ubuntu bug?
– WinEunuuchs2Unix
Aug 30 at 0:51







"If 21st terminal open then I want to close that terminal immediately" So the 20 first connections can hog the server indefinitely?
– xenoid
Aug 30 at 12:26




4 Answers
4



Edit your /etc/sshd_config on the server side and change the line:




#MaxSessions 10



to


MaxSessions 20



See man sshd_config:




MaxSessions
Specifies the maximum number of open shell, login or subsystem
(e.g. sftp) sessions permitted per network connection. Multiple
sessions may be established by clients that support connection
multiplexing. Setting MaxSessions to 1 will effectively disable
session multiplexing, whereas setting it to 0 will prevent all
shell, login and subsystem sessions while still permitting
forwarding. The default is 10.





Yeah, it works, bit late to add it as an answer.
– rɑːdʒɑ
Aug 29 at 10:13





I've been meaning to set up SSH thingy on one of my old laptops for a while now. Is the man page saying that by default only 10 users can sign into the server? Even back in the 80's we could have a hundred users sign into an IBM S/36 mini-computer with 2 MB of RAM.
– WinEunuuchs2Unix
Aug 30 at 1:14





You are confusing sessions as in open terminals (see OP) with sessions inside a SSH connection. The setting you mention is about how many "sub-connections" are allowed by a single ssh-connection. So running 30 "ssh" commands is no problem even with MaxSessions 20. The sessions mentioned there are about things like port-forwardings (and even having more than one shell open) using the same connection, not about the number of logins on the system.
– allo
Aug 30 at 8:56








@allo this information you got from OP?
– George Udosen
Aug 30 at 9:21





@allo is correct here, MaxSessions refers to session multiplexing over a single TCP connection. Unless all of OP's users are doing strange things to share a single TCP connection to the server this limit won't affect them. I've just verified this myself by setting a low MaxSessions limit on a server and opening more than that many connections to it.
– Joe Lee-Moyet
Aug 30 at 16:44



George's solution works fine however you asked for a bash script...



So consider this one for other situations when there is no option like MaxSessions of sshd, then you can use something like this:




if [ "$(pgrep -cx processName)" -gt 20 ]; then pkill -xn processName; fi;



Here pkill -n will kill the newest instance of processName.



The correct solution for this special situation is George's answer.





Wouldn't this also prevent subprocesses?
– RonJohn
Aug 29 at 15:56





Yeah, it causes sub-processes to be killed too.
– Ravexina
Aug 29 at 16:11





Then -- given that bash forks lots of subprocesses, and they want to limit users, not processes -- this doesn't appear to be a useful answer.
– RonJohn
Aug 29 at 16:26





@RonJohn It was a useful answer corresponding to the user requirements (A script that closes a process immediately) and for other users coming from search engines (a general answer to the title) until you edited the question.
– Ravexina
Aug 29 at 16:39





Let me come in here. I also know that this place directs users to the right path based on the questions asked. If OP asks a question and the right answer (based on OP's question) isn't necessarily the best practice or right approach, I think anyone has the right to state this or give answers in line with that observation. I don't really think we should take the option of deciding what answer is the best; let OP decide, and I love to see many options from well-informed site members. Please let's always have a constructive debate, it helps me if not any other person!
– George Udosen
Aug 30 at 6:46



I've decided to elaborate and test Ravexina's idea. It works and it is effective if you want to restrict the number of established ssh connections at all.



First I found that when the ssh daemon is running without any connection there is one sshd process. For each new connection two new sshd processes are created. So if you want a limit of 20 connections the threshold should be 41 (1+2x20) instead of 20.



Then I've created an executable file, named /usr/local/bin/limit-sshd, that looks as follows:


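#!/bin/sh
# Threshold is 1 + 2 x N sshd processes; 7 allows 3 connections, use 41 for 20.
if [ "$(pgrep -cx sshd)" -gt 7 ]
then
    echo '\nThe limit was reached!\n'
    # Kill the newest sshd process, i.e. the connection that was just opened.
    pkill -xn sshd
fi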



Finally I've added the following directive to /etc/ssh/sshd_config:




ForceCommand /usr/local/bin/limit-sshd; $SHELL




sudo systemctl restart sshd.service



Here is how this works (click on the image to see an animated demo):






Further, I realised we do not need to kill anything, if we modify the script in this way:


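#!/bin/sh
# Threshold is 1 + 2 x N sshd processes; 7 allows 3 connections, use 41 for 20.
if [ "$(pgrep -cx sshd)" -gt 7 ]
then
    echo '\nThe limit was reached!\n'
    exit # This line is not mandatory
else
    # Under the limit: start the user's login shell.
    eval "$SHELL"
fi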



And respectively /etc/ssh/sshd_config in this way:




ForceCommand /usr/local/bin/limit-sshd
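
An added example, not part of the answer above or of OpenSSH: a variant of the limit-sshd wrapper that counts per-session process titles instead of every sshd process, and runs the client's requested command from SSH_ORIGINAL_COMMAND instead of dropping it. The process-title patterns (including the `sshd-session` name) are assumptions about the local OpenSSH build, and the sample ps output is constructed.

```sh
#!/bin/sh
# Added example (not from the answers above): limit by SSH sessions.
MAX_SESSIONS=20    # limit taken from the question

# Constructed sample of `ps -eo args=` output: one listener, three logins.
SAMPLE_PS='/usr/sbin/sshd -D
sshd: alice [priv]
sshd: alice@pts/0
sshd: bob [priv]
sshd: bob@pts/1
sshd: carol [priv]
sshd: carol@notty'

# Count session processes in ps output read from stdin. Each login shows a
# "[priv]" monitor and a "user@tty" child; only the child is counted, so the
# result is the number of sessions rather than 1 + 2N processes.
# "sshd-session:" is included for newer OpenSSH releases (assumption).
count_ssh_sessions() {
    grep -Ec '^sshd(-session)?: [^ ]+@(pts/[0-9]+|notty)' || true
}

# True when a login may proceed. The wrapper runs inside the new session,
# which is already part of the count, hence "less than or equal".
within_limit() {
    [ "$1" -le "$2" ]
}

main() {
    current=$(ps -eo args= | count_ssh_sessions)
    if ! within_limit "$current" "$MAX_SESSIONS"; then
        printf '\nThe limit of %s sessions was reached!\n\n' "$MAX_SESSIONS"
        exit 1
    fi
    # ForceCommand discards the client's request; sshd keeps it in
    # SSH_ORIGINAL_COMMAND, so run it when present (scp, remote commands).
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
    fi
    exec "${SHELL:-/bin/sh}" -l
}

# Run only when installed under the path used in the answer above.
case "$0" in
    */limit-sshd) main ;;
esac
```

The count relies on unprivileged users being able to see other users' processes; on hosts where /proc is mounted with hidepid, each user would only count their own sessions.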



The question isn't clear. Let me first say how I understand it and in which way, IMO, it should be asked:



We have a local network where one server supplies a specific
application. Our team accesses this application via ssh connections from
their computers to the server by using PuTTY. Each team member has their
own user account that is used to establish the ssh connections (or maybe: all team members use a common user account).



The team members don't use the server for any other purposes and we want to limit the number of their ssh connections to 20, no matter how many connections are already established by a particular user (or maybe: 20 connections per user).



If that interpretation is correct, probably a correct way to fulfil the requirements is to create a user group, then add all user accounts to that group and limit the number of maxlogins via /etc/security/limits.conf.





Create a group, called for example the-app-maxlogins, with group id 10 000:




sudo groupadd -g 10000 the-app-maxlogins



Add the users to that group - sudo adduser <user> <group>:




for user in "user1" "user2" "user3"; do sudo adduser "$user" the-app-maxlogins; done



Add the next line to /etc/security/limits.conf to limit the maxlogins of the entire group:




%the-app-maxlogins - maxlogins 20



Or add the following line to limit the maximum number of logins per user of the group:


@the-app-maxlogins - maxlogins 20



Edit /etc/ssh/sshd_config and add the following lines to the bottom(!) of the file to disable session multiplexing for that group (probably this is not mandatory in that case):




Match Group the-app-maxlogins
    MaxSessions 1



This solution will limit the number of logins of the affected users, no matter whether through ssh or tty. If you want to apply it to a certain user rather than a group, just add a line such as the following to limits.conf, or place it into a separate .conf file within the directory /etc/security/limits.d/:


username - maxlogins 20



Simple explanation of the actual meaning of the directive MaxSessions is provided in this answer. The main source of the current answer is another answer under the same L&U's question.





The other answer of mine, could provide workaround in some way, but it is a kind of fun rather than true solution.


