topic Multiple Telnet Sessions by one user in Operating System - HP-UX

Multiple Telnet Sessions by one user

Darrell Albee — Wed, 05 Dec 2001 21:05:26 GMT

Is there a way (probably by a script) to limit a users number of connections by I/P address. Here, all users login at the unix level with the same user id and within our software is where we have user specific security setup. The problem we are having is, within our software we have a specific number of licenses and at the unix level we have unlimited. We keep running out of licenses in our software because of users logging into the system more than once through the network. Does anyone have any suggestions?

Re: Multiple Telnet Sessions by one user

Sanjay_6 — Wed, 05 Dec 2001 21:09:32 GMT

Hi Darrell,

I don't think there is any easy way to do this.

Thanks

Re: Multiple Telnet Sessions by one user

G. Vrijhoeven — Wed, 05 Dec 2001 21:11:32 GMT

Hi,

when a user logs in the .profile is run. You can build in a check like this:

TEST=`ps -u `logname` | grep application_name`
if [ "$TEST" -eq "" ]
then
exit 0
fi

Hope this will help,

Gideon

Re: Multiple Telnet Sessions by one user

Darrell Allen — Wed, 05 Dec 2001 21:11:38 GMT

Hi Darrell,

What a great first name!

Here's some threads to check:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x101372106351d5118fef0090279cd0f9,00.html

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xb16b972194d6d5118ff40090279cd0f9,00.html

I'm sure you can find more using the search feature. And you can also go to search.hp.com where you might get more hits.

Darrell

Re: Multiple Telnet Sessions by one user

Craig Rants — Wed, 05 Dec 2001 21:13:55 GMT

Not by IP, but you could by userid. However, necessity is the mother of all invention. I'm sure that you probably can figure something out.

Good Luck,
C

Re: Multiple Telnet Sessions by one user

Sridhar Bhaskarla — Wed, 05 Dec 2001 21:14:04 GMT

Hi,

Keep this small script in your /etc/profile

This will not allow more than two telnet sessions.

NO=`who -R |grep $LOGNAME|wc -l`
if [ $NO -ge 2 ]
then
echo "You are not allowed to telnet more than twice"
exit 1
fi

-Sri

Re: Multiple Telnet Sessions by one user

Sridhar Bhaskarla — Wed, 05 Dec 2001 21:18:07 GMT

Ooops.. You wanted by IP.. you can modify the same script like this.

IP=`who -mR |awk '{FS="(";print $2}'|awk '{FS=")";print $1}'`
NO=`who -R |grep $IP|wc -l`
if [ $NO -ge 2 ]
then
echo "You are not allowed to login more than twice
from $IP"
exit 1
fi

-Sri

Re: Multiple Telnet Sessions by one user

James R. Ferguson — Wed, 05 Dec 2001 21:19:34 GMT

Hi Darrell:

Since you indicate that every user uses the same login, you will have to track by IPAddress or hostname.

Consider adding a snippet of code to /etc/profile that runs 'last' and looks for a match against 'who -m' and if matched, exits.

Regards!

...JRF...

Re: Multiple Telnet Sessions by one user

Sanjay_6 — Wed, 05 Dec 2001 21:19:49 GMT

Guys,

He does not want to restrict the userid since all his users use the same user id. He wants to restrict multiple login from a particular ip workstation. Say only two telnet logins from any workstation. If more than two telnet sessions from a single ip, it should block/exit that telnet session.

Thanks

Re: Multiple Telnet Sessions by one user

G. Vrijhoeven — Wed, 05 Dec 2001 21:25:55 GMT

Hi,

ok just add :

TEST=`ps -ef | grep application | wc -l`
if [ $TEST -lt n ]
n=number of licenses

Gideon

Re: Multiple Telnet Sessions by one user

Darrell Allen — Wed, 05 Dec 2001 21:59:11 GMT

Hi again,

Sri has your answer. Personally I like using who -u because you can get the IP with awk using {print $NF}

You may also want to grep the who output for the common login in case some are allowed to login as the common user as well as a normal account.

Darrell