In the sshd_config I have set the following entries:

maxstartups 50:100:50
clientalivecountmax 3
maxauthtries 3

But still in the ps results I can see at least processes that look like this:

ps -fe|grep aaa_test
(...)
root     11014  5023  0 Oct13 ?        00:00:00 sshd: aaa_test [priv]
root     11164 11014  0 Oct13 ?        00:00:00 sshd: aaa_test@notty
(...)
ps -fe|grep notty|wc -l
245

Why is this happening? How can I limit the user to a maximum of 3 connections using the same username and a maximum of 50 connections in total (all users)?

Jakuje
meso_2600

1 Answer

According to the manual, you can simply use maxstartups 50, which will be equivalent to your line and much more readable.

But reading further, you see that this limit is only for:

MaxStartups

Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. [...]

The ClientAliveCountMax option is used for a totally different thing than you think. Have a look at the manual page:

ClientAliveCountMax

Sets the number of client alive messages (see below) which may be sent without sshd(8) receiving any messages back from the client. [...]

It doesn't specify anything about concurrency.

If I am right, there is no way to limit authenticated users at the ssh level. But you can do so at the application level using some global .profile bash script or the ForceCommand option in ssh, which will count the existing connections on the system and, based on the result, allow or deny the session to continue.

Community
Jakuje
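One way to write the ForceCommand counting script the answer describes, as an added example that is not part of the original answer. The install path, the function names and the rule of counting only `sshd: user@...` process titles (the form shown in the question's ps output) are assumptions.

```shell
#!/bin/sh
# Added example: ForceCommand wrapper enforcing the limits from the question.
# The install path /usr/local/bin/ssh-session-limit is an assumption:
#   sshd_config:  ForceCommand /usr/local/bin/ssh-session-limit
PER_USER_MAX=3
TOTAL_MAX=50

# count_sessions USER: read "ps -eo args=" lines on stdin and print
# "<sessions of USER> <sessions of all users>". Only the per-session
# children ("sshd: user@notty", "sshd: user@pts/0") are counted; the
# "sshd: user [priv]" monitors are skipped so no session counts twice.
count_sessions() {
    awk -v u="$1" '
        $1 == "sshd:" && $2 ~ /@/ {
            total++
            split($2, a, "@")
            if (a[1] == u) mine++
        }
        END { printf "%d %d\n", mine, total }'
}

# check_limits USER: succeed if the process list on stdin is within both
# limits. The session being checked is already in the list, hence -le.
check_limits() {
    set -- $(count_sessions "$1")
    [ "$1" -le "$PER_USER_MAX" ] && [ "$2" -le "$TOTAL_MAX" ]
}

main() {
    user=$(id -un)
    if ! ps -eo args= | check_limits "$user"; then
        echo "Too many SSH sessions, try again later." >&2
        exit 1
    fi
    # Limits satisfied: run what the client asked for, or a login shell.
    if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
        exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
    fi
    exec "${SHELL:-/bin/sh}" -l
}

# Run only when invoked under the assumed installed name.
case "${0##*/}" in
    ssh-session-limit) main "$@" ;;
esac
```

The check is not atomic, so two logins racing each other can both pass, and it depends on the logging-in user being able to see other users' sshd processes in the ps output.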