Hello, thank you very much, I appreciate your answer. Yes, I've found the additional config needed in ssh_conf (client) regarding ControlMaster. But generally speaking (just what I think), I cannot force every user to use ControlMaster, because they don't have to. And if they don't set ControlMaster they can establish more sessions within one TCP session. Another problem is that clients are using WIN stations and the putty application etc., so there is no ControlMaster option. So what's my general purpose: restrict the number of sessions within one TCP session for independent clients (mostly win) who are connecting to my server. It has come to my mind to use pf because I know there is a max-src-conn parameter, but I think this parameter just restricts TCP sessions, so pf doesn't see channels inside TCP sessions. I hope you understand. Thank you.
Miro

2011/12/11 Mark Uemura <[email protected]>

> Dear Miro,
>
> Sorry for the late reply on this. The sshd_config man page shows:
>
>     MaxSessions
>         Specifies the maximum number of open sessions permitted per
>         network connection. The default is 10.
>
> The above is per connection which is controlled by the "ControlMaster"
> keyword in the client. So, if you don't want to have multiple sessions in
> the same TCP session, just make sure that you set:
>
>     ControlMaster no
>
> in your ~/.ssh/config file.
>
> However, this doesn't stop you from creating another session. The above
> just ensures that you don't use an existing network session. If you want
> to restrict a user to just one network connection, you may want to look at
> "authpf" and/or "pf" can also do this sort of thing with "max-src-conn
> <number>".
>
> I hope that this helps. If you need more help, please post a question to
> "misc@" as this is the kind of question that should be asked there.
>
> Happy holidays!
>
> Best regards,
>
> Mark
>
> Begin forwarded message:
>
> From: Cani Miroslav <[email protected]>
> Subject: N2K8 Hackathon article - sshd - MaxSession
> Date: 30 November, 2011 3:00:23 AM GMT+09:00
> To: [email protected]
>
> Hello,
>
> I'm sorry I write just like that. I had found Network Hackathon (Part
> 3) article when I was looking for my solution and there is a link connected
> with Mark Uemura.
> So I write to this email, I hope to the correct one.
> I have problem with "MaxSessions" parameter in sshd and I've found that
> you guys were talking about in this article.
> I would like to restrict number of sessions via one ssh connection. For
> example for tcp forwarding.
> When I set MaxSessions to 0, logons are not working (that's fine, it works)
> but when I set to 1 I can have multiple sessions via one ssh connection and
> set it to 2 or more has no effect as well then.
> Maybe you can direct me to right solution.
> I test it like this: Open ssh connection from putty (win) to server (BSD).
> Port forwarding is in use (http). So I use SOCKS in browser.
> I download two files simultaneously
> <http://slovnik.azet.sk/preklad/anglicko-slovensky/?q=simultaneous> from
> two different websites and it's working for both through this tunnel but it
> should not (MaxSession is set to 1).
> sshd - OpenSSH 5.2 portable for FreeBSD
> OS - FBSD 6.2
> Thank you for any help.
>
> Miro
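
An added example, not part of the thread and not OpenSSH code: in OpenSSH, MaxSessions counts only session channels (shell, exec, subsystems such as sftp), while each forwarded TCP connection is a separate direct-tcpip channel governed by AllowTcpForwarding and PermitOpen. The sketch below audits the global section of an sshd_config for those three keywords; the function names and both sample configs are constructed for illustration, and Match blocks are deliberately ignored.

```python
# Added example (not from the thread): audit the global part of an sshd_config
# for the settings that bound channels inside one SSH connection.
DEFAULTS = {"maxsessions": "10", "allowtcpforwarding": "yes", "permitopen": "any"}

def global_settings(config_text):
    """Effective global values; sshd keeps the first value seen for a keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # per-user/host overrides: out of scope here
            break
        if key in DEFAULTS and len(parts) == 2:
            seen.setdefault(key, parts[1].strip())
    return {**DEFAULTS, **seen}

def audit(config_text):
    s = global_settings(config_text)
    fwd = s["allowtcpforwarding"].lower()
    local_fwd = fwd in ("yes", "all", "local")   # covers -L and SOCKS (-D) forwards
    targets = s["permitopen"] if local_fwd else "none"
    return {
        "session_limit": int(s["maxsessions"]),  # shell/exec/subsystem channels only
        "local_forwarding": local_fwd,
        "forward_targets": targets,
        # Forwarded connections are direct-tcpip channels, not sessions, so
        # MaxSessions never counts them; PermitOpen limits where, not how many.
        "forwards_unrestricted": local_fwd and targets.lower() == "any",
    }

# Constructed sample configs: the setup described in the thread, and a locked-down one.
AS_TESTED = "Port 22\nMaxSessions 1\n"
LOCKED_DOWN = "MaxSessions 1\nAllowTcpForwarding no\n"

if __name__ == "__main__":
    for name, cfg in (("as tested", AS_TESTED), ("locked down", LOCKED_DOWN)):
        print(name, audit(cfg))
```

For the configuration tested in the thread this reports a session limit of 1 with forwarding still unrestricted, which matches the two simultaneous downloads through the SOCKS tunnel.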

