On Fri, Dec 05, 2014 at 01:41:23AM +0000, Pathik wrote:
 
>    1. Admin user is logged in to bastion host on port 22 and has a working
>    shell (ksh, bash), with a source IP of 1.2.3.4.
>    2. Other user logs in to port 22 and gets the authpf shell, with a source
>    IP of 1.2.3.4.
>    3. Other user disconnects his port 22 connection using ctrl+c; he is
>    released from authpf and his entries get cleared in the pf table.
>    4. Admin user, who is logged in from another terminal from source IP
>    1.2.3.4, also receives a disconnect with the message "Write failed: Broken
>    pipe" on his ssh working shell.

The solution when two users have the same IP address is to use authpf-noip.  

From authpf(8):

     authpf-noip is a user shell which allows multiple connections to take
     place from the same IP address.  It is useful primarily in cases where
     connections are tunneled via the gateway system, and can be directly
     associated with the user name.  It cannot ensure accountability when
     classifying connections by IP address; in this case the client's IP
     address is not provided to the packet filter via the client_ip macro or
     the authpf_users table.  Additionally, states associated with the client
     IP address are not purged when the session is ended.
