On Mon, Nov 12, 2012 at 10:27 AM, Oleg Goldshmidt <p...@goldshmidt.org>wrote:
> On Mon, Nov 12, 2012 at 10:05 AM, Elazar Leibovich <elaz...@gmail.com> > wrote: > > > > I'm considering to disallow concurrent ssh sessions on a single-purpose > > production machine (say, DB server). > > > > I thought of replacing the default shell with a shell that keeps its pid > > file in a central place. If such a file already exist, it'll kill the > other > > running shell before logging in. > > Can't you use MaxSessions and/or MaxStartups in sshd config for this? > This options, as far as I can tell, drops new connections. I don't want to have a locked server, so I always allow new sessions to kill old ones. But never run concurrently. (There's a slight issue of scp not working, but this can be taken care of, by less privilleged user which is allowed in, just for rsync/files) > > Whatever you do, make sure sshd kills sessions after some appropriate > timeout, otherwise you may find yourself in trouble... ;-) > No problem with my scheme, if sshd won't kill old sessions, new sessions will... (or maybe I misunderstand you). > > -- > Oleg Goldshmidt | p...@goldshmidt.org >
_______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il