Bug 742994

Summary: Use pam_limit.so to limit number of concurrent SSH sessions
Product: Red Hat Enterprise Linux 6 Reporter: Perry Myers <pmyers>
Component: ovirt-nodeAssignee: Joey Boggs <jboggs>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: high    
Version: 6.2CC: apevec, gouyang, leiwang, moli, ovirt-maint, ycui
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: ovirt-node-2.0.2-0.10.gitee3b50c.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 19:29:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Perry Myers 2011-10-03 14:31:06 UTC
Description of problem:
Configure pam_limit.so to limit number of concurrent ssh sessions to 3

Comment 2 Perry Myers 2011-10-03 19:03:10 UTC
From email w/ sgrubb:

> Not what I would call a best practice, but the DISA STIG which military customers 
> would follow says 10 or a site defined number:
> http://people.redhat.com/sgrubb/files/stig-2011/stig-2011-checklist.html#item-
> SV-25945r1_rule
> 
> I would say 2 or 3 concurrent ssh sessions should be enough.

Comment 5 Guohua Ouyang 2011-10-09 06:23:13 UTC
Verified on 6.2-20111006, 
1. if I have 3 login user:
# w
 06:19:21 up 20:26,  3 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
admin    tty1     -                02:51    3:27m  1.10s  0.00s /bin/bash /usr/
admin    pts/0    dhcp-65-158.nay. 05:25    0.00s  1.33s  0.11s sshd: admin [pr
admin    pts/1    dhcp-65-158.nay. 06:18   41.00s  1.11s  0.01s /bin/bash /usr/

2. try another ssh login will get "Too many logins", see below:
$ ssh admin.72.105
admin.72.105's password: 
Too many logins for 'admin'.
Last login: Sun Oct  9 06:19:09 2011 from dhcp-65-158.nay.redhat.com
Connection to 10.66.72.105 closed.

Comment 6 errata-xmlrpc 2011-12-06 19:29:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1783.html