Re: sshd configure howto
From an architecture standpoint, It wouldn't be within the mandate of sshd(8) anyway. You'd accomplish this using some userland resource quota enforcement policy (max number of processes, max instances of a shell). Hell you could do it in /etc/profile or ~/.cshrc I don't know of one OTTMH, but I'm sure that one probably exists out there. PS this sounds like a perfectly good idea for embedded platforms. ~BAS On Sun, 2007-03-18 at 13:49 +0800, Jay Jesus Amorin wrote: im using this set-up for pf/authpf authentication gateway, all i'm concern of is i dont want my user use other users account.
Re: sshd configure howto
On Sun, Mar 18, 2007 at 01:49:43PM +0800, Jay Jesus Amorin wrote: On 3/17/07, Joachim Schipper [EMAIL PROTECTED] wrote: On Sat, Mar 17, 2007 at 12:46:29PM +0800, Jay Jesus Amorin wrote: On 3/17/07, Joachim Schipper [EMAIL PROTECTED] wrote: On Fri, Mar 16, 2007 at 07:17:10PM +0800, Jay Jesus Amorin wrote: hi gurus, how will i configure sshd to allow only one username at a time. example: on pc1 ssh [EMAIL PROTECTED] on pc2 ssh [EMAIL PROTECTED] now what i like to happen is ssh on pc2 should be drop bec. the user root is already connected from pc1. is it possible with to configure sshd that way like ssh will already drop ssh root from pc2 bec. username root is already connected from pc1? I don't think that is a smart idea, and I am not aware of any way to implement this particular requirement. You could probably write a daemon or cron job that takes a look at the number of ptys in use by any single account, and so on. thanks for the ideas Not to appear too nosy, but what do you *really* want to do? If you are concerned about people leaving root sessions unattended, perhaps a timeout would be a better way of achieving this? IIRC, there are some programs that will lock a console when it's not used for X seconds. im using this set-up for pf/authpf authentication gateway, all i'm concern of is i dont want my user use other users account. In that case, would a regular cron job plus a large stick not be far more effective? It will also cause less confused helpdesk calls ('I could log in yesterday, but today...'). Joachim
Re: sshd configure howto
On Sat, Mar 17, 2007 at 12:46:29PM +0800, Jay Jesus Amorin wrote: On 3/17/07, Joachim Schipper [EMAIL PROTECTED] wrote: On Fri, Mar 16, 2007 at 07:17:10PM +0800, Jay Jesus Amorin wrote: hi gurus, how will i configure sshd to allow only one username at a time. example: on pc1 ssh [EMAIL PROTECTED] on pc2 ssh [EMAIL PROTECTED] now what i like to happen is ssh on pc2 should be drop bec. the user root is already connected from pc1. is it possible with to configure sshd that way like ssh will already drop ssh root from pc2 bec. username root is already connected from pc1? I don't think that is a smart idea, and I am not aware of any way to implement this particular requirement. You could probably write a daemon or cron job that takes a look at the number of ptys in use by any single account, and so on. thanks for the ideas Not to appear too nosy, but what do you *really* want to do? If you are concerned about people leaving root sessions unattended, perhaps a timeout would be a better way of achieving this? IIRC, there are some programs that will lock a console when it's not used for X seconds. Joachim
Re: sshd configure howto
im using this set-up for pf/authpf authentication gateway, all i'm concern of is i dont want my user use other users account. hope this helps you help me. thanks --jay-- On 3/17/07, Joachim Schipper [EMAIL PROTECTED] wrote: On Sat, Mar 17, 2007 at 12:46:29PM +0800, Jay Jesus Amorin wrote: On 3/17/07, Joachim Schipper [EMAIL PROTECTED] wrote: On Fri, Mar 16, 2007 at 07:17:10PM +0800, Jay Jesus Amorin wrote: hi gurus, how will i configure sshd to allow only one username at a time. example: on pc1 ssh [EMAIL PROTECTED] on pc2 ssh [EMAIL PROTECTED] now what i like to happen is ssh on pc2 should be drop bec. the user root is already connected from pc1. is it possible with to configure sshd that way like ssh will already drop ssh root from pc2 bec. username root is already connected from pc1? I don't think that is a smart idea, and I am not aware of any way to implement this particular requirement. You could probably write a daemon or cron job that takes a look at the number of ptys in use by any single account, and so on. thanks for the ideas Not to appear too nosy, but what do you *really* want to do? If you are concerned about people leaving root sessions unattended, perhaps a timeout would be a better way of achieving this? IIRC, there are some programs that will lock a console when it's not used for X seconds. Joachim
sshd configure howto
hi gurus, how will i configure sshd to allow only one username at a time. example: on pc1 ssh [EMAIL PROTECTED] on pc2 ssh [EMAIL PROTECTED] now what i like to happen is ssh on pc2 should be drop bec. the user root is already connected from pc1. is it possible with to configure sshd that way like ssh will already drop ssh root from pc2 bec. username root is already connected from pc1? --jay--
Re: sshd configure howto
On Fri, Mar 16, 2007 at 07:17:10PM +0800, Jay Jesus Amorin wrote: hi gurus, how will i configure sshd to allow only one username at a time. example: on pc1 ssh [EMAIL PROTECTED] on pc2 ssh [EMAIL PROTECTED] now what i like to happen is ssh on pc2 should be drop bec. the user root is already connected from pc1. is it possible with to configure sshd that way like ssh will already drop ssh root from pc2 bec. username root is already connected from pc1? I don't think that is a smart idea, and I am not aware of any way to implement this particular requirement. You could probably write a daemon or cron job that takes a look at the number of ptys in use by any single account, and so on. Joachim
Re: sshd configure howto
thanks for the ideas On 3/17/07, Joachim Schipper [EMAIL PROTECTED] wrote: On Fri, Mar 16, 2007 at 07:17:10PM +0800, Jay Jesus Amorin wrote: hi gurus, how will i configure sshd to allow only one username at a time. example: on pc1 ssh [EMAIL PROTECTED] on pc2 ssh [EMAIL PROTECTED] now what i like to happen is ssh on pc2 should be drop bec. the user root is already connected from pc1. is it possible with to configure sshd that way like ssh will already drop ssh root from pc2 bec. username root is already connected from pc1? I don't think that is a smart idea, and I am not aware of any way to implement this particular requirement. You could probably write a daemon or cron job that takes a look at the number of ptys in use by any single account, and so on. Joachim -- Jay Jesus D. Amorin, CCNA, LPIC-1 Department of Mathematics, University of the Philippines, Diliman Mobile No. +639156275787 Landline No. +63 02 434-2309 Email Address: jdamorin [at] gmail [dot] com Email Address: jay [at] math [dot] upd [dot] edu [dot] ph -- Be liberal in what you accept, and conservative in what you send. --