How to cap the number of users allowed to log into your Linux servers

If you have Linux servers that allow remote connection via SSH, you might want to limit the number of users allowed to log in.

Your Linux servers are probably configured for remote SSH connection. After all, without the ability to remotely log in to those servers, you’d have a harder time managing them. You might also have several IT staff members who log in.

Let’s say you have a staff of 10 admins, each of whom needs to be able to log into those servers at any given time. Maybe there are moments when all 10 of those admins are logged in at once.

What happens when an eleventh connection is attempted? You know there should never be 11 people logged into that server. What do you do? Fortunately, the SSH daemon has a couple of options to help you out. Let me show you how this is done.

What you’ll need to limit SSH connections

To limit the number of SSH connections to your servers, you’ll need at least one machine running the SSH daemon and a user with root privileges. It doesn’t matter what Linux distribution you use, as the configuration is the same.

How to limit concurrent SSH connections

The first thing we’re going to do is limit concurrent SSH connections. The option for this, MaxStartups, specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Any connection beyond what is configured will be automatically dropped.

For our example, we’ll stick with the limit of 10.

The configuration file for this is sshd_config. Open the file for editing with the command:

sudo nano /etc/ssh/sshd_config

Look for the line:

#MaxStartups 10:30:100

With the above line, additional connections are dropped until either authentication succeeds or the LoginGraceTime expires for a connection. The three-part value in the example enables random early drop, in the form start:rate:full. This means SSH refuses connection attempts with a probability of rate/full.

Let’s simplify that and stick with a limit of 10 maximum connections. That line would then look like this:

MaxStartups 10

Next, we’ll set the maximum number of simultaneous connections. The option you’re looking for is:

#MaxSessions 10

Change that line to:

MaxSessions 10

Save and close the file.

Restart the SSH daemon with:

sudo systemctl restart sshd

Voilà! You’re done.
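To see what a given MaxStartups value does before relying on it, here is an added example (not code from the original article or from OpenSSH). It follows sshd_config(5): once start unauthenticated connections are pending, new ones are refused with a probability of rate percent, rising linearly to 100% at full, and the first value read for a keyword is the one that applies. SAMPLE_CONFIG and the function names are constructed for illustration, and Include files are not followed.

```python
import re

# Constructed sample (not from a real host). Keywords are case-insensitive and
# sshd keeps the FIRST value it reads, so the final "MaxStartups 10" is ignored.
SAMPLE_CONFIG = """\
#MaxStartups 10:30:100
maxstartups 10:30:100
MaxSessions 10
MaxStartups 10
"""


def effective_value(config_text, keyword):
    """Return the first uncommented global value for keyword, or None."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":  # global section ends at first Match
            break
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].strip()
    return None


def parse_max_startups(value):
    """Return (start, rate, full); a single number is a hard limit."""
    fields = [int(f) for f in value.split(":")]
    if len(fields) == 1:
        return fields[0], 100, fields[0]
    if len(fields) != 3:
        raise ValueError("expected N or start:rate:full")
    start, rate, full = fields
    if start > full or not 1 <= rate <= 100:
        raise ValueError("illegal MaxStartups value")
    return start, rate, full


def drop_percent(pending, start, rate, full):
    """Percent chance a new connection is refused with `pending` unauthenticated ones."""
    if pending < start:
        return 0
    if pending >= full:
        return 100
    return rate + (100 - rate) * (pending - start) // (full - start)


if __name__ == "__main__":
    spec = parse_max_startups(effective_value(SAMPLE_CONFIG, "MaxStartups"))
    for pending in (9, 10, 55, 100):
        print(pending, drop_percent(pending, *spec))
```

On a live server, `sudo sshd -T` prints the values the daemon actually uses, which is the authoritative check after editing the file.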

Simple control over SSH

This is a simple way to control how many users can log in to your servers at once. If you combine this with Fail2ban, your servers will be considerably more secure and less likely to slow down because of too many SSH connections.

Keep in mind, however, that as long as a machine is connected to a network, nothing is 100% certain. Because of this, you need to be vigilant in monitoring and updating your servers — no matter how secure you believe they are.
