有條件地停止互動式和非互動式ssh登入並給出錯誤訊息

Question

我想通了。我可以實作一個 PAM 模組來做到這一點。

將以下內容儲存到文件/root/checkConnections.

#! /bin/bash

limit=$1
c=$(pgrep -xcu $PAM_USER sshd)
if [[ $c -ge "$limit" ]]; then 
    echo "Max $limit ssh connections allowed, but you have $c."
    exit 1
fi

然後在/etc/pam.d/sshd中加入

session required pam_exec.so stdout /root/checkConnections 5

pam_exec.so執行 shell 腳本，stdout向使用者終端輸出訊息。

當條件失敗時，效果是這樣的。

$ ssh localhost
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-74-generic x86_64)

94 updates can be installed immediately.
0 of these updates are security updates.
To see these additional updates run: apt list --upgradable

Max 5 ssh connections allowed, but you have 5.
/root/checkConnections failed: exit code 1
Last login: Thu Jun 24 12:19:27 2021 from 172.18.33.67
Connection to localhost closed.

Answer 1

我想通了。我可以實作一個 PAM 模組來做到這一點。

將以下內容儲存到文件/root/checkConnections.

#! /bin/bash

limit=$1
c=$(pgrep -xcu $PAM_USER sshd)
if [[ $c -ge "$limit" ]]; then 
    echo "Max $limit ssh connections allowed, but you have $c."
    exit 1
fi

然後在/etc/pam.d/sshd中加入

session required pam_exec.so stdout /root/checkConnections 5

pam_exec.so執行 shell 腳本，stdout向使用者終端輸出訊息。

當條件失敗時，效果是這樣的。

$ ssh localhost
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-74-generic x86_64)

94 updates can be installed immediately.
0 of these updates are security updates.
To see these additional updates run: apt list --upgradable

Max 5 ssh connections allowed, but you have 5.
/root/checkConnections failed: exit code 1
Last login: Thu Jun 24 12:19:27 2021 from 172.18.33.67
Connection to localhost closed.

有條件地停止互動式和非互動式ssh登入並給出錯誤訊息

答案1

相關內容