[Bug 2499] It would be nice to have a tool to manage ssh connections

bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 11 14:41:09 AEDT 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2499

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
We don't plan on offering any connection management tool - generally
we'd like to make the existing unix toolset do this job. Mostly, it
does.

For your first example, you can kill ssh sessions by user by looking at
the process list. Active sessions list the username, e.g.

$ ps ax | grep sshd
25092 ??  S       0:05.52 sshd: djm@ttyp0,ttyp1,ttyp2 (sshd)
...

So killing the connection is just a matter of killing that user's
processes. Afterwards, the account can be locked using standard system
account maintenance tools - sshd honours locked passwords (either via
PAM or by directly inspecting the password's lock string).

Your second example could be done similarly to the above case, with a
little indirection through the existing 'w' or 'who' tools, or the
system logs to find out the source address.

Your third example is something that could be handled via PAM if your
system supports it (most do). E.g.
http://www.linux-pam.org/Linux-PAM-html/sag-pam_time.html -- we do
support some authentication restrictions in sshd_config, but we can't
cover everything...

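An added example, not part of the original message and not OpenSSH code: a shell sketch of the first suggestion in the comment, selecting one account's sshd processes by the `sshd: USER@TTY` process title instead of a substring `grep`, so that `djm` does not also match `djmx`. The function names, the `DRY_RUN` variable and the sample `ps` lines are constructed for illustration; the `[priv]` and `[listener]` titles are assumptions about what else appears in the process list.

```shell
#!/bin/sh
# Added example: find and signal the sshd processes of one account.

# Constructed `ps ax` output modelled on the line quoted in the comment.
sample_ps() {
    cat <<'EOF'
  PID TT  STAT      TIME COMMAND
 1201 ??  Is     0:00.10 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
25090 ??  Is     0:00.03 sshd: djm [priv] (sshd)
25092 ??  S      0:05.52 sshd: djm@ttyp0,ttyp1,ttyp2 (sshd)
25310 ??  S      0:00.40 sshd: djmx@ttyp4 (sshd)
25400 ??  S      0:00.12 sshd: alice@notty (sshd)
25411 p3  S+     0:00.00 grep sshd
EOF
}

# Read `ps ax`-style lines on stdin and print the PIDs whose title is
# "sshd: USER@..." or "sshd: USER [priv]" for exactly the account in $1.
sshd_pids_for_user() {
    [ -n "$1" ] || return 1          # an empty name must never match anything
    awk -v user="$1" '
        {
            for (i = 2; i < NF; i++) {
                if ($i != "sshd:") continue
                t = $(i + 1)
                at = index(t, "@")
                if (at > 0) name = substr(t, 1, at - 1)
                else if ($(i + 2) == "[priv]") name = t
                else name = ""
                if (name == user) print $1
                break
            }
        }'
}

# Send SIGTERM to every matching process on the live system.
# With DRY_RUN=1 the kill commands are printed instead of executed.
terminate_sshd_sessions() {
    for pid in $(ps ax | sshd_pids_for_user "$1"); do
        if [ "${DRY_RUN:-0}" = 1 ]; then echo "kill -TERM $pid"
        else kill -TERM "$pid"; fi
    done
}

# Demonstration on the constructed sample only; nothing is killed here.
sample_ps | sshd_pids_for_user djm
```

Run `DRY_RUN=1 terminate_sshd_sessions USER` first to review the PIDs, then lock the account afterwards as the comment describes.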