My original intention in this article was to disable the "Copy SSH Channel" and "Copy SSH Session" functions of the remote SSH client. I thought I could configure this on the SSH server, but after reading the sshd_config man page I found that the parameters that appear to limit the number of SSH connections (MaxSessions, ClientAliveCountMax, etc.) have no effect on duplicated SSH channels. In other words, a remote SSH client can open a virtually unlimited number of SSH sessions this way, which makes people feel "uncomfortable".
For example, suppose I am in the middle of a task and suddenly need to step out. I do not want to change anything in the current terminal, and I do not want anyone to come by while I am away and touch the work I am doing. I can simply press Ctrl+S to lock the terminal's input and output (the input is not actually locked, but it is not visible to the user), and when I come back I can unlock the screen by pressing Ctrl+Q. This way colleagues who are unfamiliar with Linux will not interfere with my work, and I do not have to lock the entire system. But I know that a new SSH connection can be created by copying the SSH channel/session, and in the middle of complicated work it is not possible to check for such connections one by one, so I wanted to write a shell script to meet this requirement directly.
The idea is relatively simple, and the code is only a few lines long. First, the script needs a loop so that it monitors continuously. In each pass it queries the clients connected to the sshd port and the number of connections per client. If that number exceeds the maximum I have set, it finds the corresponding sessions and ends them.
But there are several issues to consider:
User key presses, especially the handling of shortcuts (such as Ctrl+D, Ctrl+C or Ctrl+\)
The script picks the PTS with the maximum number, which may not be the right one unless a newly logged-on user's PTS value only increases and never decreases
PAM security modules may offer a better solution (a shell script is definitely not the best solution)
The script that passed testing is as follows:
#!/bin/bash
# This shell script knocks out extra SSH connections

# Maximum number of connections allowed per SSH client
max_number_of_ssh_client=3

# lsof is essential
if ! command -v lsof >/dev/null 2>&1; then
    yum install lsof -y
    RETVAL=$?
    if [[ "$RETVAL" -ne 0 ]]; then
        echo "error: can not use lsof command, please check your internet connection or install lsof manually!"
        exit $RETVAL
    fi
else
    # todo
    # check for awk, grep, etc.
    echo "success: this shell script will knock out extra ssh connections"
fi

# Main worker loop
while : ; do
    # Port sshd is bound to (taking the last ':'-separated field also handles IPv6 such as :::22)
    ssh_port=$(netstat -anopt | grep sshd | awk '{print $4}' | awk -F ':' '{print $NF}' | grep -v '^$' | sort -u | head -n 1)
    # Remote peers connected to that port (the part after "->" in lsof's NAME column)
    ssh_clients=$(lsof -i:"$ssh_port" | grep '>' | awk '{print $9}' | awk -F ':' '{print $(NF-1)}' | awk -F '>' '{print $2}' | sort -u)
    for ssh_client in $ssh_clients; do
        number_of_ssh_client=$(lsof -i:"$ssh_port" | grep -cF "$ssh_client")
        if [[ "$number_of_ssh_client" -gt "$max_number_of_ssh_client" ]]; then
            # Highest pts number used by this client (-1 if none is found, so pts/0 is never killed by mistake)
            number_pts=$(w -hs | grep -F "$ssh_client" | awk '{print $2}' | awk -F '/' '{print $2}' | awk 'BEGIN {max=-1} {if ($1+0 > max) max=$1+0} END {print max}')
            # todo
            # another solution may exist
            # kill extra logins
            if [[ "$number_pts" -ge 0 ]] && pkill -KILL -t "pts/$number_pts"; then
                echo "success: extra connection $ssh_client@pts/$number_pts has been knocked out!"
            else
                echo "warning: can not knock out extra connections!"
            fi
        else
            # todo
            # too much info displayed
            echo "INFO: number of ssh connections is NORMAL!"
        fi
    done
    # sleep 1 second between checks
    sleep 1
done
Note: The several TODO items in the script are worth considering. As for the broken English in it, please skip it :)
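The second issue in the list above (the highest PTS number is not necessarily the newest login) can be avoided by ranking sessions by login time instead. The following is an added example, not part of the original script: the function names surplus_ttys and sample_who and the sample lines are constructed, and it assumes `who` prints ISO-style timestamps (YYYY-MM-DD HH:MM), which depends on the locale.

```bash
#!/bin/bash
# Added example (not the article's script): pick the sessions that exceed a
# per-client limit by login time rather than by highest pts number.
# Assumed input format, one session per line, as printed by `who`:
#   user  pts/N  YYYY-MM-DD HH:MM  (source-host)

# surplus_ttys MAX: read who-style lines on stdin and print "host tty" for
# every session beyond the MAX oldest ones from the same source host.
surplus_ttys() {
    # Keep remote pts logins only and emit "host date time tty".
    awk '$2 ~ /^pts\/[0-9]+$/ && $NF ~ /^\(.+\)$/ {
             host = substr($NF, 2, length($NF) - 2)
             print host, $3, $4, $2
         }' |
    # Group by host, oldest login first (ISO timestamps sort as text).
    sort -k1,1 -k2,2 -k3,3 |
    # Everything after the first MAX sessions of a host is surplus.
    awk -v max="$1" '{ if (++seen[$1] > max) print $1, $4 }'
}

# Constructed sample: pts/1 was freed and reused, so the newest login from
# 10.0.0.5 holds the lowest free pts number, not the highest one.
sample_who() {
    cat <<'EOF'
alice    pts/0        2024-05-01 09:00 (10.0.0.5)
alice    pts/2        2024-05-01 09:05 (10.0.0.5)
alice    pts/3        2024-05-01 09:10 (10.0.0.5)
alice    pts/1        2024-05-01 09:40 (10.0.0.5)
bob      pts/4        2024-05-01 09:20 (10.0.0.9)
root     tty1         2024-05-01 08:00
EOF
}

# Demo on the constructed sample with a limit of 3 sessions per client.
sample_who | surplus_ttys 3
```

On a live system the input would come from `who`, and each printed tty could be passed to the same `pkill -KILL -t` call the script above uses.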
This article is from "Communication, My Favorites" blog, please make sure to keep this source http://dgd2010.blog.51cto.com/1539422/1670233
Linux Shell scripts limit ssh Maximum user logins