I am trying to limit the total number of OpenSSH connections to our Unix systems.
At first, I tried modifying the OpenSSH configuration with the MaxSessions and MaxStartups options, but with no success. They are ignored (maybe I don't really understand what these options are intended for).
Using PAM limits in /etc/security/limits.conf, I have succeeded with the maxsyslogins directive:
# limit connections to the system to 10
* - maxsyslogins 10
It works, but we are limiting all kinds of logins to the system, and using a third-party solution to apply limitations to OpenSSH. For example, we have different kinds of Unix (HP-UX, Solaris, Linux, AIX), and we are not using PAM for authentication on every server.
I mean, is there a simpler and more direct way to do it? Something similar to the Apache MaxClients directive?
I can't find it, and it's very strange to me that OpenSSH does not have this possibility :-|.
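An added example, not part of the original post: per sshd_config(5), MaxStartups bounds only concurrent unauthenticated connections and MaxSessions bounds sessions per network connection, so neither one caps the total number of logged-in connections. The Python sketch below parses a constructed config fragment and computes the refusal percentage for the `start:rate:full` form; the function names and sample values are assumptions.

```python
# Added example: sample values and function names are assumptions.
# Constructed sshd_config fragment (not taken from the original post).
SAMPLE_CONFIG = """\
# excerpt of a constructed sshd_config
MaxSessions 10
MaxStartups 10:30:60
"""


def parse_maxstartups(value):
    """Return (start, rate, full) for 'N' or 'start:rate:full'."""
    fields = [int(f) for f in value.split(":")]
    if len(fields) == 1:
        start, rate, full = fields[0], 100, fields[0]  # plain number: hard cap
    elif len(fields) == 3:
        start, rate, full = fields
    else:
        raise ValueError("expected N or start:rate:full")
    if not (1 <= rate <= 100 and start <= full):
        raise ValueError("invalid MaxStartups value")
    return start, rate, full


def parse_limits(text):
    """Return (MaxSessions, MaxStartups tuple) from sshd_config text."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            # Keywords are case-insensitive; the first value obtained wins.
            opts.setdefault(parts[0].lower(), parts[1].strip())
    return int(opts["maxsessions"]), parse_maxstartups(opts["maxstartups"])


def refusal_percent(unauthenticated, start, rate, full):
    """Chance (in %) that sshd refuses a new connection attempt.

    Only connections that have not finished authenticating are counted;
    logged-in users never enter this calculation.
    """
    if unauthenticated < start:
        return 0
    if unauthenticated >= full or rate == 100:
        return 100
    # Linear ramp from rate% at `start` up to 100% at `full`.
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)


if __name__ == "__main__":
    sessions, startups = parse_limits(SAMPLE_CONFIG)
    print("MaxSessions (per network connection):", sessions)
    for n in (9, 10, 35, 60):
        print(n, "unauthenticated ->", refusal_percent(n, *startups), "% refused")
```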
Suppose you want a maximum of 20 connections: you could remove all pty[c-z]? files from /dev, leaving only ptya[0-9] and ptyb[0-9].