Home FAQ Limit The Number Of SSH Logins Per User/Group/System
How to limit the number of SSH logins on Linux

Limit The Number Of SSH Logins Per User/Group/System

By sk
1819 Views

As you probably know, we can SSH into a remote Linux system by the same user multiple times. There is no limit! You could simply open multiple Terminal windows (or multiple tabs in the Terminal) and initiate multiple SSH sessions from each tab by the same user account. What if you want to change this behaviour? For example, you might want to allow only one active SSH session for an user. That's what we are going to see now. This brief tutorial explains how to limit the number of SSH logins per user or group or system on Linux.

In most Linux distributions, there is a file called limits.conf where you can define the maximum number of concurrent SSH sessions for an user or group of users. If the particular user tries to SSH into the system more than the allowed SSH logins, he/she will be denied access.

Limit The Number Of SSH Logins Per User Or Group On Linux

The limits.conf file is usually located under /etc/security/ directory on RPM and DEB-based systems.

Go to your remote system and edit /etc/security/limits.conf file with sudo or root user:

$ sudo nano /etc/security/limits.conf

To limit the number of concurrent SSH sessions for a specific user, for example ostechnix, Add the following line at the end:

ostechnix	hard	maxlogins	1

set number of concurrent SSH logins for user or group in limits.conf file in linux

Here,

  • ostechnix - Name of the user in my CentOS 8 server.
  • maxlogins 1 - Maximum number of logins for this user. In my case it is 1. You can increase this value to allow maximum no. of active SSH sessions per user.
  • hard - Enforcing hard limits.

If you want to limit the number of SSH connections for a group of users, add this:

@mygroup	hard    maxlogins	1

Replace @mygroup with your group name. In this scenario, all users in the mygroup can't login via SSH more than once.

If you want to limit SSH sessions of all users (global) in the system, add this line instead:

*	hard    maxlogins	1

Here, the asterisk means global (i.e. all users in the system). Once you defined the maximum number of SSH sessions per user/group or the whole system, save and close the file.

Now try to SSH to the system with the same user more than one time. You will see an error message like below.

Too many logins for 'ostechnix'.
Last login: Tue Feb 18 17:12:09 2020 from 192.168.225.37
Connection to 192.168.225.52 closed.

Limit The Number Of SSH Logins Per User On Linux System

As you see in the above output;

  1. First, I SSH into the remote CentOS 8 server as root user via SSH and connection was successfully established.
  2. Then, I opened a new tab and SSH into the same server as normal user "ostechnix" and the connection was successful.
  3. Finally, I tried to SSH into the same server with the same user(i.e. ostechnix) and this time the connection was denied. The user "ostechnix" can not SSH into the system more than once. Because his maximum number of allowed SSH session for this user is only one time. Hence, SSH connection is denied for this user.

In this example, we restricted the total number of active SSH sessions for a user or group or all users in the system. It is also possible to limit the SSH sessions per system-basis. For example - we can allow only one SSH login from a system, not per the user or group.

Limit total number of SSH session Per System

To limit the total number of active SSH connections per system, add the following line in /etc/security/limits.conf file:

*       hard    maxsyslogins    1

Here, maxsyslogins refers the maximum number of logins on the system, not per-user or per-group.

Try to SSH into the system and you can't access the system more than the maximum number of allowed logins on the system.

Limit total number of SSH session Per System

See? The user "ostechnix" can't even SSH for the first time. Because, the total number of allowed SSH login is only one for the system. This time the SSH connection made by the root user has also been taken into account. So the maximum number of SSH logins has crossed the defined limit and the user "ostechnix" was denied access. Hope you understand.

Please note that this restriction applies for the normal users only. The root user can still able to login via SSH any number of times.


Related read:


Thanks for stopping by!

Help us to help you:

Have a Good day!!

You May Also Like

3 comments

Christopher Cox February 19, 2020 - 6:18 am

Of course, this affects all logins. And while in our “network” dependent world, we might view ssh logins at “the only way”, if you need to just restrict ssh and not all other sources of login, there are more precise ways.

(let’s just say, I wouldn’t put this on an exam in this form)

Reply
sk February 19, 2020 - 2:23 pm

Yes, you’re right. Since I mostly access servers via SSH, I found this method very easy and effective.

Reply
Stef February 20, 2020 - 12:57 am

And does that prevent opening multiple sessions with multiplexing?
https://blog.scottlowe.org/2015/12/11/using-ssh-multiplexing/

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More