Limit number of simultaneous sftp-server connections from same ip

Lars Reimann lars.reimann at googlemail.com
Fri May 28 05:33:45 EST 2010


Hello,

thanks for the reply.

On 5/27/2010 9:20 PM, Peter Stuge wrote:
> Lars Reimann wrote:
>   
>> I want to limit the number of connections (or instances) to an
>> sftp-server a user can spawn from the same ip address.
>>     
> Wouldn't a simple wrapper (as opposed to xinetd) work?
>   
I suppose so. I have a shell script in mind that checks the process list
for already open sftp-server connections under a specific user.
If a process already exists, the script would not exec another sub-process.
Please tell me if that is feasible or if there's a better method.
>
>   
>> sftp-server depends on a parent sshd
>>     
> How is that, exactly?
>   
Maybe it does not depend on sshd, but I cannot imagine any secure method
how to operate sftp-server w/o sshd using a connection limit nor did I
find any documented.
A method where xinetd uses separate rules for sshd and sftp-server while
normal logins remain unaffected by the connection limit sadly was beyond
my skills.
>
>   
>> While limiting the use of sftp-server I want to retain _full_
>> access to normal (shell-like) connections over sshd without limits.
>>     
> Add the wrapper to the subsystem directive in sshd_config.
>
>
>   
>> By the way, how can I disable sftp-server completely
>>     
> Remove the subsystem directive from sshd_config.
>
>
> //Peter

greetings,
lr.
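
The wrapper approach discussed in this message, as an added example that is not part of the original post and is not OpenSSH code: it caps concurrent sftp-server sessions per user and client IP, and interactive logins never pass through it. Instead of scanning the process list it keeps one "<ip>.<pid>" record per session, because the client address is only available from the SSH_CONNECTION variable that sshd sets. The names MAX_PER_IP, STATE_DIR and SFTP_SERVER, the sftp-server path and the install path in `Subsystem sftp /usr/local/libexec/sftp-limit run` are assumptions.

```shell
#!/bin/sh
# Added example (not OpenSSH code): cap concurrent sftp-server sessions per
# user and client IP. MAX_PER_IP, STATE_DIR, SFTP_SERVER are hypothetical names.
MAX_PER_IP=${MAX_PER_IP:-1}
STATE_DIR=${STATE_DIR:-${XDG_RUNTIME_DIR:-/tmp}/sftp-limit-$(id -u)}
SFTP_SERVER=${SFTP_SERVER:-/usr/lib/openssh/sftp-server}  # path varies by system

# First field of sshd's SSH_CONNECTION, reduced to address characters only.
client_ip() {
    ip=$(printf '%s' "${SSH_CONNECTION%% *}" | tr -c '0-9A-Fa-f.:' '_')
    echo "${ip:-unknown}"
}

# Count live sessions recorded as "<ip>.<pid>"; delete records of dead PIDs.
live_sessions() {
    n=0
    for f in "$STATE_DIR/$1".*; do
        [ -e "$f" ] || continue
        if kill -0 "${f##*.}" 2>/dev/null; then n=$((n + 1)); else rm -f "$f"; fi
    done
    echo "$n"
}

# Record this process if the IP is below its cap; return 1 otherwise.
# mkdir is atomic, so the lock serialises concurrent count-then-record runs.
acquire_slot() {
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 1
    tries=0
    until mkdir "$STATE_DIR/.lock" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -lt 5 ] || return 1   # fail closed if the lock is stuck
        sleep 1
    done
    rc=1
    if [ "$(live_sessions "$1")" -lt "$MAX_PER_IP" ]; then
        : > "$STATE_DIR/$1.$$" && rc=0
    fi
    rmdir "$STATE_DIR/.lock"
    return "$rc"
}

main() {
    ip=$(client_ip)
    # exec keeps the PID, so the "<ip>.<pid>" record tracks sftp-server itself.
    if acquire_slot "$ip"; then exec "$SFTP_SERVER"; fi
    logger -t sftp-limit "refused $(id -un) from $ip (cap $MAX_PER_IP)"
    exit 1
}
if [ "${1:-}" = run ]; then main; fi   # runs only when invoked as "<wrapper> run"
```

sshd runs the subsystem command as the logged-in user, so the records sit under that user's control; the cap holds only for accounts that cannot alter STATE_DIR or start sftp-server some other way.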

