[BSD6] SSH Restriction

karim.bourenane at orange-ftgroup.com karim.bourenane at orange-ftgroup.com
Fri Aug 1 12:16:11 UTC 2008

Hi Ed

Thank for your reply and information. 
Just confirmation, login.conf is used juste for login access as telnet, not for ssh. Its right ?

So we waiting your reply for openssh.

Thanks you very much.


     Karim Bourenane
112 Av. Charles de Gaules
92520 Neuilly S/Seine
Phone:	+33156 76 35 52
Fax:	+33156 76 35 04

-----Original Message-----
From: Ed Schouten [mailto:ed at 80386.nl] 
Sent: vendredi 1 août 2008 14:10
Cc: FreeBSD Current
Subject: Re: [BSD6] SSH Restriction

Hello Karim,

* karim.bourenane at orange-ftgroup.com <karim.bourenane at orange-ftgroup.com> wrote:
> I have one question. How i can restrict ( limit ) 1 user to have for 
> exemple 5 ssh connection in simutanous time, no more ?

It's quite funny you ask this question, because I've been working on this last week.

The new TTY code, which I'll commit next week, adds a new rlimit to the kernel called RLIMIT_NPTS. This rlimit allows you to limit the number of pseudo-terminals allocated by a single user. This means you can limit the number of login sessions by tuning the "pseudoterminals" field in /etc/login.conf.

This seems to work with tools like screen(1), xterm(1), etc.
Unfortunately I didn't get it working with OpenSSH, because OpenSSH allocates terminals while been root. I've already contacted the OpenSSH folks about this, but I haven't got any response (yet).

 Ed Schouten <ed at 80386.nl>
 WWW: http://80386.nl/

This message and any attachments (the "message") are confidential and intended solely for the addressees. 
Any unauthorised use or dissemination is prohibited.
Messages are susceptible to alteration. 
France Telecom Group shall not be liable for the message if altered, changed or falsified.
If you are not the intended addressee of this message, please cancel it immediately and inform the sender.

More information about the freebsd-current mailing list