- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- SSH parameter UserLoginLimit does not seem to work
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-15-2009 01:53 AM
тАО04-15-2009 01:53 AM
SSH parameter UserLoginLimit does not seem to work.
If I set UserloginLimit = 1 in the demon config, and reboot or restart, I still can login several times under 1 username.
still, the release notes of latest TCPIP ECOs (5.4 ECO7 and 5.6 ECO3) say in the list of solved problems:
13-Jun-2007
Problem:
The SSH server configuration parameter UserLoginLimit was ignored.
Deliverables:
All SSH images
Reference:
TCPIP_BUGS Note 3591
Anybody have an idea?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-15-2009 03:56 AM
тАО04-15-2009 03:56 AM
SolutionLooks like the parameter is still being ignored. (A wag might comment the release note didn't say it was "fixed".)
ssh is not particularly tied into the OpenVMS security and authentication mechanisms.
As a work-around, use the OpenVMS mechanisms or use some local tests in SYLOGIN.COM or LOGIN.COM.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2009 08:07 AM
тАО04-16-2009 08:07 AM
Re: SSH parameter UserLoginLimit does not seem to work
(2) ES40 Type 1 EV6 500Mhz 2GB
OpenVMS 7.3-2, TCPIP 5.4 ECO 7 (Currently)
Order/Entry Applicaion written in DEC BASIC (starting in about 1992 on VAX, I think parts were in COBOL but that was before my time here)
We have been using the MAXJOBS parameter in UAF to limit users to a single login by setting the value to 1. Our primary application is very simple and used for Order/Entry. This worked well for us and our application.
Utilizing SSH we ran into an issue. No one could logon. What we discovered is that during login authentication, 2 jobs were running during the login event itself for SSH and users were logged in and promptly logged out. We changed MAXJOBS to 2 or (n+1 where n is the number of logins we limit the bulk of the users to). Here is a snipit of SSH verbose output when MAXJOBS is set to 1.
debug: Ssh2Common/SSHCOMMON.C:372: Received SSH_CROSS_ALGORITHMS packet from co.
debug: Unable to open ssh2/identification
debug: Ssh2AuthClient/SSHAUTHC.C:348: Method 'publickey' disabled.
debug: Ssh2AuthPasswdClient/AUTHC-PASSWD.C:198: Starting password query...
uno4791's password:
debug: Ssh2Common/SSHCOMMON.C:290: Received SSH_CROSS_AUTHENTICATED packet from.
Authentication successful.
debug: Ssh2Common/SSHCOMMON.C:723: num_channels now 1
debug: DISPLAY not set; X11 forwarding disabled.
MAXJOB at n manifests here
debug: Ssh2ChannelSession/SSHCHSESSION.C:1912: received exit signal. signal num"
debug: Ssh2Common/SSHCOMMON.C:697: num_channels now 0
debug: Got session close with exit_status=0
debug: destroying client struct...
Connection to localhost closed.
The n+1 for MAXJOBS has worked well to keep our customers happy and has kept the audit teams happy as well.
For those users that require a greater value in MAXJOBS for reporting, mutiple logins, etc. we haven't had any problems using n+1 and they are the exception here.
PS: We have about 3000 users on this server of which 150-350 will be logged in simultaneously daily.
Don Nutt
Sprint
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2009 08:26 AM
тАО04-16-2009 08:26 AM
Re: SSH parameter UserLoginLimit does not seem to work
Many thanks for sharing your experience with the forum community! For our sites it might be an alternative way to use MAXJOBS (with care).
Jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2009 08:49 AM
тАО04-16-2009 08:49 AM
Re: SSH parameter UserLoginLimit does not seem to work
We found that the best way to limit those users, though also possibly the clunkiest, was to have a little code snippet in SYLOGIN.COM that looks up the user name to see if that user was in the class that had the restrictions. If so, perform a
$ SHOW USER username/OUT=a-temporary-file
Then read the output to see how many jobs the user had (counting this one, of course). You can tell how many interactive, batch, and other jobs this user has in one line. Then apply your restriction rules.
Our system is smaller in user count than yours, so for us it wasn't such a long test to perform. If you do it right, it is almost invisible.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2009 10:40 AM
тАО04-17-2009 10:40 AM
Re: SSH parameter UserLoginLimit does not seem to work
In case of other usernames, as soon as you hit the limit, VMS says "access denied", but doesnt say why. Which also makes sense.
Case closed.