On Thu, Apr 23, 2009 at 11:35:06AM -0500, [email protected] wrote: > I've decided to use /etc/security/limits.conf to limit the number of > ssh/sftp connections for a user. Unfortunately, I'm finding those > rules only work for users that don't use rssh. I must be missing > something, but I can't figure it out. [...] > I tested this works with non-rssh users over ssh or sftp. However, it > doesn't work with rssh users.
You're quite sure it works with *sftp* users who don't use rssh? My first guess would have been that these sessions are not counted as logins, as in many ways they often are not (no pseudo tty allocated, no entry in wtmp, etc.). I would fully expect this not to work at all... Assuming they do really work, I can't immediately see any reason why it wouldn't work for rssh. Basically rssh takes the place of the user's shell, and by that point in the login process, everything to do with logging in has already happened. It's true that rssh is not PAM-aware, but neither is bash (or any other shell) AFAIK. The feature you're trying to use relies on PAM, so if it's going to work, you need the PAM libraries to be present in /lib/security. My only guess is -- again, assuming this really does work with sftp without rssh -- that sftp-server must be doing the PAM stuff after it's invoked, and therefore that you need to add /lib/security to your jail. But given I've never seen a PAM config file for sftp-server, that would surprise me a lot. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D
pgpWezclZMnD7.pgp
Description: PGP signature
------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensign option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
_______________________________________________ rssh-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rssh-discuss
