3

I made the changes in /etc/security/limits.conf

test        hard    maxlogins       2
sftptest    hard    maxlogins       2
  • After the above entries I tested the scenarios below:

    1. Opened 2 PuTTY sessions; when I tried to open a 3rd session it disconnected automatically (working fine with the ssh user, not for the sftp user).
    2. Opened 2 PuTTY sessions; when I try to open a 3rd session from FileZilla / WinSCP, the connection is disconnected automatically (working fine with the ssh user).
    3. When I try to open 3 sessions in FileZilla/WinSCP with sftp users, I am able to open all three sessions (not working).
  • Is there any difference between the PuTTY client and WinSCP/FileZilla?
  • SSH users have a shell login but sftp users don't have a shell login.
  • Is there any chance to limit the connections to 2 for sftp users?

I am pretty new to Linux.

4
  • 1
    Two options using MaxSession or firewall. The first will work if your ssh supports it! Commented Jan 12, 2018 at 4:36
  • Can you please let me know how to do it from the firewall side? Commented Jan 12, 2018 at 4:45
  • 1
    Try this rule: sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 --syn -m connlimit --connlimit-above 2 -j REJECT, this only limits per IP, not per user! Commented Jan 12, 2018 at 6:03
  • Thanks for the reply, but I am looking for the user side. Commented Jan 12, 2018 at 6:11

2 Answers

0

You can limit the process count for that user. During an scp, 3 processes are created with the root, sshd and sftptest (in your case) users.
So you can limit the max process count for that user in /etc/security/limits.conf

sftptest hard nproc 2

This is not a very efficient way because you block the connection after it is authenticated.
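The process-count view described in this answer can also be used for monitoring. The script below is an added example, not part of the original answer: it counts per-user sshd session processes from a `ps` listing and reports users above a limit. It assumes OpenSSH's process titles (`sshd: <user>@notty` for SFTP/SCP, `sshd: <user>@pts/N` for interactive logins); the function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: count per-user SSH/SFTP sessions from a process listing.
# Input: lines of "USER ARGS..." as printed by `ps -eo user=,args=`.
# Assumption: the per-session sshd process retitles itself to
# "sshd: <user>@notty" (no terminal, e.g. SFTP/SCP) or "sshd: <user>@pts/N"
# (interactive); newer OpenSSH names the binary "sshd-session".

# session_counts: print "<user> <notty> <tty>" for every user with sessions.
session_counts() {
    awk '
        $2 ~ /^sshd(-session)?:$/ && $3 ~ /@/ {
            split($3, parts, "@")
            user = parts[1]
            seen[user] = 1
            if (parts[2] == "notty") notty[user]++; else tty[user]++
        }
        END {
            for (u in seen) printf "%s %d %d\n", u, notty[u], tty[u]
        }
    ' | sort
}

# over_limit LIMIT: print users whose total session count exceeds LIMIT.
over_limit() {
    session_counts | awk -v limit="$1" '($2 + $3) > limit { print $1, $2 + $3 }'
}

# Constructed sample listing (not captured from a real host).
sample_ps() {
    cat <<'EOF'
root     /usr/sbin/sshd -D
root     sshd: test [priv]
test     sshd: test@pts/0
root     sshd: test [priv]
test     sshd: test@pts/1
root     sshd: sftptest [priv]
sftptest sshd: sftptest@notty
sftptest /usr/libexec/openssh/sftp-server
root     sshd: sftptest [priv]
sftptest sshd: sftptest@notty
root     sshd: sftptest [priv]
sftptest sshd: sftptest@notty
EOF
}

# On a live host: ps -eo user=,args= | over_limit 2
sample_ps | over_limit 2
```

In the sample, the two interactive sessions of `test` stay within the limit, while the three `notty` sessions of `sftptest` are reported.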

-1

While I don't know that this is a definitive answer:

  • I would expect 'ssh' (or access via console / getty) to spawn a login shell
  • I would NOT expect sftp (nor, e.g. starting a terminal emulator in an X window session) to spawn a login shell, but I would expect a shell to be started

There are important differences between a login shell and a non-login shell. A "login shell" will execute the profile on startup, however a non-login shell won't (it will execute the shell rc file).

I must admit that I am hazy on the underlying mechanisms that differentiate between the 2 session types. But I believe the limit is enforced via pam_limits.so on Linux.
