set a limit on concurrent SSH/SFTP connections to 2 per user
I made the changes in /etc/security/limits.conf:
test hard maxlogins 2
sftptest hard maxlogins 2
After the above entries I tested the scenarios below:
1. Opened 2 PuTTY sessions; when I tried to open a 3rd session it disconnected automatically (working fine with the ssh user, not for the sftp user).
2. Opened 2 PuTTY sessions; when I tried to open a 3rd session from FileZilla/WinSCP, the connection was disconnected automatically (working fine with the ssh user).
3. When I try to open 3 sessions in FileZilla/WinSCP I am able to open 3 sessions (not working): when I try to open 3 sessions in FileZilla/WinSCP with sftp users I am able to open all three sessions.
- Is there any difference between the PuTTY client and WinSCP/FileZilla?
- SSH users have a shell login but sftp users don't have a shell login.
Is there any chance to limit the connections to 2 for sftp users?
I am pretty new to Linux.
sshd
edited Mar 8 at 12:18 by terdon♦
asked Jan 12 '18 at 3:53 by Trivedh
Two options using MaxSession or firewall. The first will work if your ssh supports it!
– George Udosen
Jan 12 '18 at 4:36
Can you please let me know how to do it from the firewall side?
– Trivedh
Jan 12 '18 at 4:45
Try this rule:
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 --syn -m connlimit --connlimit-above 2 -j REJECT
This only limits per IP, not per user!
– George Udosen
Jan 12 '18 at 6:03
Thanks for the reply, but I am looking for the user side.
– Trivedh
Jan 12 '18 at 6:11
1 Answer
I am not sure that it is possible to achieve exactly what you desire, at least not by simply setting configuration variables for existing tools.
The next best option might be to use the MaxSessions option in sshd_config. This:
Specifies the maximum number of open shell, login or subsystem (e.g. sftp) sessions permitted per network connection. Multiple sessions may be established by clients that support connection multiplexing. Setting MaxSessions to 1 will effectively disable session multiplexing, whereas setting it to 0 will prevent all shell, login and subsystem sessions while still permitting forwarding. The default is 10.
If you wish to do that, then in /etc/ssh/sshd_config, look for a line with the text MaxSessions. Edit it to read as follows:
MaxSessions 2
Then save the file and restart the SSH daemon.
edited Jan 31 '18 at 19:16
answered Jan 12 '18 at 4:39 by sampablokuper
Hi, I already did the same. Through the PuTTY client it is taking two connections only. But when I logged in as an sftp user it is taking 5+ connections at a time.
– Trivedh
Jan 12 '18 at 4:44
Are you sure that those sftp connections are distinct sessions?
– sampablokuper
Jan 12 '18 at 4:52
Yes, I logged in from three different machines through WinSCP/FileZilla.
– Trivedh
Jan 12 '18 at 5:28
How to limit sftp users?
– Trivedh
Jan 12 '18 at 6:11
@Trivedh, not sure I can help, but out of curiosity: were those three client machines sharing an IP address, and was the server on a different IP address to all of the clients?
– sampablokuper
Jan 12 '18 at 6:22
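An added example, not part of the original posts: since MaxSessions applies per network connection and the connlimit rule per IP, this shell function counts established SSH/SFTP connections per account from sshd process titles, including SFTP logins with no shell, and lists the accounts above a limit. The function names, the constructed sample process list and the assumption that post-authentication sshd children are titled `sshd: USER@pts/N` or `sshd: USER@notty` are the example's own; it only reports and does not enforce anything.

```shell
#!/bin/sh
# Report accounts holding more than LIMIT concurrent SSH/SFTP connections.
# Input on stdin: one "OWNER ARGS..." line per process, i.e. the output
# format of:  ps -eo user=,args=
# Output: "account count" per offending account, sorted by account name.
over_limit() {
    awk -v limit="$1" '
        # Each authenticated connection has exactly one child whose title is
        # "sshd: NAME@pts/N" (interactive) or "sshd: NAME@notty" (sftp, scp,
        # remote command). Releases that ship a separate sshd-session binary
        # use "sshd-session:" as the prefix instead (assumption noted above).
        # The listener and "[priv]" monitor processes have no "@" in field 3
        # and are therefore skipped.
        ($2 == "sshd:" || $2 == "sshd-session:") && $3 ~ /@/ {
            name = $3
            sub(/@[^@]*$/, "", name)   # drop only the trailing @tty part
            count[name]++
        }
        END {
            for (name in count)
                if (count[name] > limit + 0)
                    print name, count[name]
        }
    ' | sort
}

# Constructed sample: account "test" has two PuTTY shells, account
# "sftptest" has three SFTP connections (WinSCP/FileZilla style, no tty).
sample_ps() {
    cat <<'EOF'
root sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
root sshd: test [priv]
test sshd: test@pts/0
test -bash
root sshd: test [priv]
test sshd: test@pts/1
test -bash
root sshd: sftptest [priv]
sftptest sshd: sftptest@notty
sftptest /usr/lib/openssh/sftp-server
root sshd: sftptest [priv]
sftptest sshd: sftptest@notty
sftptest /usr/lib/openssh/sftp-server
root sshd: sftptest [priv]
sftptest sshd: sftptest@notty
sftptest /usr/lib/openssh/sftp-server
EOF
}

# On a live host:  ps -eo user=,args= | over_limit 2
sample_ps | over_limit 2
```
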