I'd never heard of a scenario like that. There are lots of bells and whistles to lock down a system, but this one caught me off guard. After a few minutes searching the Interweb, I decided to whip out a hack:
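#!/bin/sh
#
# Restrict concurrent logins from multiple locations
#
# Current TTY without the /dev/ prefix (e.g. pts/0)
MYT=$(tty | sed 's~^/dev/~~')
# Remote address of this session: last field of our "who" line, parentheses
# removed. Compare the TTY field exactly so pts/1 does not also match pts/10.
MYL=$(who | awk -v t="$MYT" '$2 == t {print $NF}' | sed 's/[()]//g')
# Count this user's remote sessions (address with two dots) from other addresses.
# -F treats our address as a literal string, so its dots are not regex wildcards.
MYC=$(who | grep "^$USER .*\..*\." | grep -vcF "$MYL")
if [ "$MYC" -gt 0 ]; then
    echo "Logged in on $MYT from $MYL"
    echo "Other remote locations:"
    who | grep "^$USER .*\..*\." | grep -vF "$MYL" | \
        awk '{print $NF}' | sed 's/[()]//g' | sort -u | xargs echo " "
    echo "Too many remote logins. Good bye."
    logger -p authpriv.warn "Killed remote login: $MYT $MYL"
    # Kill the first process listed on this TTY, normally the login shell
    ps | grep -m 1 "$MYT" | awk '{print $1}' | xargs kill -9
    #fuser -k `tty`
fi
Here's the flow:
1. Determine our current TTY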
2. Get our remote address (client address)
3. Are we logged in from another address...
   where the other address has two dots...
   and is not our own address
4. If so, print all sorts of helpful information
   Note: comment out the "echo" lines in the wild
5. Log the event
6. Kick the bastard off
   fuser *should* have worked :(
Save it as /etc/profile.d/location.sh and it will automatically be called after SSH authentication.
*** Update ***
A big mistake to avoid... Don't use the exit command in any script in the /etc/profile.d directory. This will cause the login process to exit, not the script.
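The same check as an added example (not the original post's script): the decision is a function that reads `who` output on stdin, so it can be run against constructed input, and it reports with `return` rather than `exit`, in line with the update above. The names `other_locations`, `check_login` and `WHO_SAMPLE` are hypothetical, and treating a session without a remote address as exempt is an assumption of this example.

```sh
#!/bin/sh
# Added example, not the original post's script. Names are hypothetical.

# Constructed `who` output (documentation addresses, not real logins).
WHO_SAMPLE='alice    pts/1        2024-01-01 10:00 (192.0.2.10)
alice    pts/10       2024-01-01 10:05 (198.51.100.7)
bob      pts/2        2024-01-01 10:06 (203.0.113.5)
alice    tty1         2024-01-01 09:00
alice    pts/3        2024-01-01 10:07 (192.0.2.10)'

# other_locations USER TTY
# Reads `who` output on stdin and prints, one per line, every remote address
# USER is logged in from other than the address of the session on TTY.
other_locations() {
    awk -v user="$1" -v tty="$2" '
        # Same heuristic as the post: a remote address has two dots.
        $1 == user && $NF ~ /^\(.*\..*\..*\)$/ {
            host = $NF
            gsub(/[()]/, "", host)
            seen[$2] = host          # exact TTY key: pts/1 is not pts/10
        }
        END {
            if (!(tty in seen)) exit # assumption: local sessions are exempt
            for (t in seen)
                if (seen[t] != seen[tty]) print seen[t]
        }' | sort -u
}

# check_login: for use from a sourced /etc/profile.d script. It reports with
# `return`, never `exit`, so the caller decides what to do with the session.
check_login() {
    others=$(who | other_locations "$USER" "$(tty | sed 's~^/dev/~~')" | tr '\n' ' ')
    [ -z "$others" ] && return 0
    logger -p authpriv.warn "Concurrent remote login: $USER also from $others"
    return 1
}

# Demo on the constructed sample: alice on pts/1 also has a session elsewhere.
printf '%s\n' "$WHO_SAMPLE" | other_locations alice pts/1
```

In the sample, alice's sessions on pts/1 and pts/3 share one address, so only the pts/10 address is reported for either of them.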