- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- Re: PAM limits won't work on SFTP or SCP
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2011 11:40 AM
тАО02-03-2011 11:40 AM
PAM limits won't work on SFTP or SCP
b.t.w. I'm using Debian 5 with OpenSSH 5.1.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-04-2011 07:19 AM
тАО02-04-2011 07:19 AM
Re: PAM limits won't work on SFTP or SCP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-04-2011 07:35 AM
тАО02-04-2011 07:35 AM
Re: PAM limits won't work on SFTP or SCP
test hard maxlogins 1
/etc/ssh/sshd_conf
UsePam yes
like I said, this works for SSH.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2011 03:38 AM
тАО02-08-2011 03:38 AM
Re: PAM limits won't work on SFTP or SCP
Apparently the PAM limits module defines a session as "a login entry in the utmp file". That's simple and matches general Unix behavior, but it also means that any sessions with no utmp entry are not counted in PAM session limits.
By looking at the source code of OpenSSH, the utmp file is updated in session.c, in function do_pre_login(). That function in called from function do_exec_pty() only, which is executed if the session has a PTY allocated. If the session has no PTY, the function do_exec_no_pty() is used instead, and thus an utmp entry is not written for the session.
In theory, OpenSSH *could* invent some session-specific identifier in lieu of the PTY name and write an utmp entry using it. (I think some FTP servers do something like this.)
Or it could have a separate tracking system for PTYless sessions. So I would have to say this is mostly a limitation of OpenSSH.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2011 04:31 AM
тАО02-08-2011 04:31 AM
Re: PAM limits won't work on SFTP or SCP
I was wondering if this had to do something with tty since scp/ftp users don't show up when you run the "w" command.
So my logical next question would be; Does anyone know of an sftp server that allows me to enforce these PAM limits correctly or perhaps uses another method to limit the logon count per user to one?
Or perhaps this issue was fixed in Debian 6.
Gives me an good excuse to have a look their latest creation. :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2011 06:37 AM
тАО02-08-2011 06:37 AM
Re: PAM limits won't work on SFTP or SCP
You can try modding the Secure SHell Daemon in sshd_config and tweak the below parametre:
MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the sshd daemon. Additional connections will bedropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10.
HTH.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2011 07:43 AM
тАО02-08-2011 07:43 AM
Re: PAM limits won't work on SFTP or SCP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2011 10:54 AM
тАО02-08-2011 10:54 AM