mjhjmtu

My company has the requirement that I have one server application running, which all users accessing it via putty terminal. I want to write a shell script that only 20 putty terminal should be open. If 21st terminal open then I want to close that terminal immediately.

How can I achieve this?

Please help me.

Edit your /etc/sshd_config on the server side and change the line:

#MaxSessions 10

to

MaxSessions 20

See man sshd_config:

 MaxSessions
 Specifies the maximum number of open shell, login or subsystem
 (e.g. sftp) sessions permitted per network connection. Multiple
 sessions may be established by clients that support connection
 multiplexing. Setting MaxSessions to 1 will effectively disable
 session multiplexing, whereas setting it to 0 will prevent all
 shell, login and subsystem sessions while still permitting for-
 warding. The default is 10.

George's solution works fine however you asked for a bash script...

So consider this one for other situations when there is no option like MaxSessions of sshd, then you can use something like this:

if [ "$(pgrep -cx processName)" -gt 20 ]; then pkill -xn processName; fi; 

Which pkill -n will kill the newest instance of processName.

The correct solution for this special situation is George's answer.

I've decided to elaborate and test the Ravexina's idea. It works and it is effective if you want to restrict the number of established ssh connections at all.

First I found when the ssh daemon is running without any connection there is one sshd process. For each new connection two new sshd processes are created. So if you want limit of 20 connections the threshold should be 41 (1+2x20) instead of 20.

Then I've created an executable file, named /usr/local/bin/limit-sshd, that looks as follow:

#!/bin/sh
if [ "$(pgrep -cx sshd)" -gt 7 ]
then
 echo 'nThe limit was reached!n'
 pkill -xn sshd
fi

• The threshold here is 7, respectively only 3 connection could be established and the rest will be dropped.

Finally I've added the following directive to /etc/ssh/sshd_config:

ForceCommand /usr/local/bin/limit-sshd; $SHELL

• The variable $SHELL will execute the default user's shell.


• An unwanted effect is that the greeting message is not longer available.


• Do not forget to restart the ssh daemon: sudo systemctl restart sshd.service

Here is how this works (click on the image to see an animated demo):

Further, I realised we do not need to kill anything, if we modify the script in this way:

#!/bin/sh
if [ "$(pgrep -cx sshd)" -gt 7 ]
then
 echo 'nThe limit was reached!n'
 exit # This line is not mandatory
else
 eval "$SHELL"
fi

And respectively /etc/ssh/sshd_config in this way:

ForceCommand /usr/local/bin/limit-sshd

The question isn't clear. Let me tell first how do I understand it and in which way, IMO, it should be asked:

We have local network where one server supplies a specific
application. Our team access this application via ssh connection from
their computers to the server by using PuTTY. Each team member has its
own user account that is used to establish the ssh connections (or maybe: all team members use a common user account).

The team members doesn't use the server for any other purposes and we want to limit the number of their ssh connections to 20, no matter how much connections are established yet by a particular user (or maybe: 20 connections per user).

If that interpretation is correct, probably a correct way to fulfil the requirements is to create a user group, then add all user accounts to that group and limit the number of maxlogins via /etc/security/limits.conf.

1. 
   

   Create a group, called for example the-app-maxlogins, with group id 10 000:

   
   
   

   sudo groupadd -g 10000 the-app-maxlogins
   

   
   


2. 
   

   Add the users to that group - sudo adduser <user> <group>:

   
   
   

   for user in "user1" "user2" "user3"; do sudo adduser "$user" the-app-maxlogins; done
   

   
   


3. 
   

   Add the next line to /etc/security/limits.conf to limit the maxlogins of the entire group:

   
   
   

   %the-app-maxlogins - maxlogins 20
   

   
   
   

   Or add the following line to limit the maximum logins number per user of the group:

   
   
   

   @the-app-maxlogins - maxlogins 20
   

   
   


4. 
   

   Edit /etc/ssh/sshd_config and add the following lines to the bottom(!) of the file to disable session multiplexing for that group (probably this is not mandatory in that case):

   
   
   

   Match Group the-app-maxlogins
    MaxSessions 1
   

   
   

This solution will limit the number the logins of the affected users no matter through ssh or tty. If you want to apply it for a certain user not for a group just add a line as the follow in limits.conf or place it into a separate .conf file within the directory /etc/security/limits.d/:

username - maxlogins 20

Simple explanation of the actual meaning of the directive MaxSessions is provided in this answer. The main source of the current answer is another answer under the same L&U's question.

The other answer of mine, could provide workaround in some way, but it is a kind of fun rather than true solution.