Bash script to limit the number of logins

command-line bash scripts

My company has the requirement that I have one server application running, which all users accessing it via putty terminal. I want to write a shell script that only 20 putty terminal should be open. If 21st terminal open then I want to close that terminal immediately.

How can I achieve this?

Please help me.


Edit your /etc/sshd_config on the server side and change the line:

#MaxSessions 10

to 

MaxSessions 20

See man sshd_config:

 MaxSessions
         Specifies the maximum number of open shell, login or subsystem
         (e.g. sftp) sessions permitted per network connection.  Multiple
         sessions may be established by clients that support connection
         multiplexing.  Setting MaxSessions to 1 will effectively disable
         session multiplexing, whereas setting it to 0 will prevent all
         shell, login and subsystem sessions while still permitting for-
         warding.  The default is 10.

George's solution works fine however you asked for a bash script...

So consider this one for other situations when there is no option like MaxSessions of sshd, then you can use something like this:

if [ "$(pgrep -cx processName)" -gt 20 ]; then pkill -xn processName; fi;

Which pkill -n will kill the newest instance of processName.

The correct solution for this special situation is George's answer.


I've decided to elaborate and test the Ravexina's idea. It works and it is effective if you want to restrict the number of established ssh connections at all.

First I found when the ssh daemon is running without any connection there is one sshd process. For each new connection two new sshd processes are created. So if you want limit of 20 connections the threshold should be 41 (1+2x20) instead of 20.

Then I've created an executable file, named /usr/local/bin/limit-sshd, that looks as follow:

#!/bin/sh
if [ "$(pgrep -cx sshd)" -gt 7 ]
then
    echo '\nThe limit was reached!\n'
    pkill -xn sshd
fi
  • The threshold here is 7, respectively only 3 connection could be established and the rest will be dropped.

Finally I've added the following directive to /etc/ssh/sshd_config:

ForceCommand /usr/local/bin/limit-sshd; $SHELL
  • The variable $SHELL will execute the default user's shell.
  • An unwanted effect is that the greeting message is not longer available.
  • Do not forget to restart the ssh daemon: sudo systemctl restart sshd.service

Here is how this works (click on the image to see an animated demo):

enter image description here

Further, I realised we do not need to kill anything, if we modify the script in this way:

#!/bin/sh
if [ "$(pgrep -cx sshd)" -gt 7 ]
then
    echo '\nThe limit was reached!\n'
    exit # This line is not mandatory
else
    eval "$SHELL"
fi

And respectively /etc/ssh/sshd_config in this way:

ForceCommand /usr/local/bin/limit-sshd

The question isn't clear. Let me tell first how do I understand it and in which way, IMO, it should be asked:

We have local network where one server supplies a specific application. Our team access this application via ssh connection from their computers to the server by using PuTTY. Each team member has its own user account that is used to establish the ssh connections (or maybe: all team members use a common user account).

The team members doesn't use the server for any other purposes and we want to limit the number of their ssh connections to 20, no matter how much connections are established yet by a particular user (or maybe: 20 connections per user).

If that interpretation is correct, probably a correct way to fulfil the requirements is to create a user group, then add all user accounts to that group and limit the number of maxlogins via /etc/security/limits.conf.

  1. Create a group, called for example the-app-maxlogins, with group id 10 000:

    sudo groupadd -g 10000 the-app-maxlogins

  2. Add the users to that group - sudo adduser <user> <group>:

    for user in "user1" "user2" "user3"; do sudo adduser "$user" the-app-maxlogins; done

  3. Add the next line to /etc/security/limits.conf to limit the maxlogins of the entire group:

    %the-app-maxlogins      -       maxlogins       20

    Or add the following line to limit the maximum logins number per user of the group:

    @the-app-maxlogins      -       maxlogins       20

  4. Edit /etc/ssh/sshd_config and add the following lines to the bottom(!) of the file to disable session multiplexing for that group (probably this is not mandatory in that case):

    Match Group the-app-maxlogins
    MaxSessions 1

This solution will limit the number the logins of the affected users no matter through ssh or tty. If you want to apply it for a certain user not for a group just add a line as the follow in limits.conf or place it into a separate .conf file within the directory /etc/security/limits.d/:

username      -       maxlogins       20

Simple explanation of the actual meaning of the directive MaxSessions is provided in this answer. The main source of the current answer is another answer under the same L&U's question.

The other answer of mine, could provide workaround in some way, but it is a kind of fun rather than true solution.

Related

Download remote FTP directory
Can I hide the title bar of MPlayer in gnome?
How to login into a Ubuntu machine from Windows
Cannot add PPA: 'ppa:yannubuntu/boot-repair'
Unable to mount Kindle on Ubuntu 14.04
How to open a found file with vi? Piping 'find' output to vi [duplicate]
What's the correct way to revert Mysql 5.7 strict mode back to how it was in 5.6?
Is it possible to screenshot a window without the frame?
Ubuntu Philosophy Question [closed]
Using cd command to navigate directories in Ubuntu which have special characters [duplicate]
Run MongoDB service as daemon of SystemD on Ubuntu 15.10
Which to use of ps ef or ps -ef?