How to limit concurrent SSH or Dropbear Tunnel connections
I need to limit concurrent SSH/Dropbear Tunnel connections to 1 login per user. I have a script that takes care of that. But it doesn't work for me because when there are many users it becomes saturated and it takes a long time to kick the users.

Another problem with this script is that if the user logs out and logs back in, it is detected as multilogin.

Maxlogins and MaxSessions do not work on Dropbear.

Below is the script I am using:

    #!/bin/bash
    # This script locates all users who have multiple active dropbear
    # processes and kills processes in excess of one for each user.
    if [ "$EUID" -ne 0 ]; then
        printf "Please run as root.\n"
        exit
    fi
    IFS=+
    while true; do
        PIDFILE=$(mktemp)
        AUTHFILE=$(mktemp)
        USERS=$(mktemp)
        ps aux | grep dropbear | grep -v grep | awk 'BEGIN{} {print $2}' > $PIDFILE
        journalctl -r | grep dropbear | grep auth > $AUTHFILE
        while read LINE; do
            USER=$(printf "%s" $LINE | sed "s/^.* '//" | sed "s/'.*$//" -)
            PID=$(printf "%s" $LINE | sed "s/^.*\[//" | sed "s/].*$//" -)
            if grep -Fxq $(printf "%s" $USER) $USERS; then
                :
            else
                printf "%s\n" $USER >> $USERS
            fi
            USERFILE=$(printf "/tmp/%s" $USER)
            if [ ! -f $USERFILE ]; then
                touch $USERFILE
            fi
            if grep -Fxq $(printf "%s" $PID) $PIDFILE; then
                printf "%s\n" $PID >> $USERFILE
            else
                :
            fi
        done < $AUTHFILE
        while read USER; do
            i=1
            while read PID; do
                if [ $i -gt 1 ]; then
                    printf "Kill PID %s of user %s\n" $PID $USER
                    kill -9 $(printf "%s" $PID)
                    curl -k "https://redesprivadasvirtuales.com/modules/servers/openvpn/vega.php?secret=DD8sPD&user=$USER"
                else
                    :
                fi
                ((i++))
            done < $(printf "/tmp/%s" $USER)
            rm $(printf "/tmp/%s" $USER)
        done < $USERS
        rm $PIDFILE
        rm $AUTHFILE
        rm $USERS
    done

Suggestions:

- journalctl -r is very expensive. Limit journalctl to time since last search.
- USER=$(...) and PID=$(...). Replace printf and sed commands with a single awk command.
- pgrep and pkill commands.
- Replace $PIDFILE $AUTHFILE $USERS with array variables (research readarray command).
- Loop over $AUTHFILE could be implemented as loop over bash array.
- Loop over $USERS (including internal loop) could be implemented as loop over bash array.
- curl command might be very expensive. You do not check the response from each curl request. Run curl in background and, if possible, in parallel for all users.

Kind SO members could assist more, if you put sample lines from $AUTHFILE in the questions as sample input line.
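
One way to combine the suggestions above into a single awk pass, added here as an example (not code from the question or the answer). It assumes auth lines carry the PID in `dropbear[...]` and the user name in single quotes, as the `sed` expressions in the question imply; the function names `reconcile` and `demo`, the state-file layout and the sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example (not the poster's script). Keeps the newest live session per
# user, like the loop in the question, but carries "pid user" pairs between
# passes so each pass only reads journal lines written since the last one.
# reconcile STATE LIVE < new-auth-lines (oldest first)
#   STATE  "pid user" lines from the previous pass, rewritten in place
#   LIVE   one running dropbear PID per line, e.g. from: pgrep -x dropbear
# Prints "pid user" for every live session that is not the newest for its user.
reconcile() {
    local state=$1 live=$2 tmp
    tmp=$(mktemp) || return 1
    [ -e "$state" ] || : > "$state"
    awk -v q="'" -v out="$tmp" '
        function claim(p, who) {
            if (!(p in live)) return                # process already gone
            if (who in newest) {
                if (newest[who] == p) return        # same session seen twice
                print newest[who], who              # older session is excess
            }
            newest[who] = p
        }
        FILENAME == ARGV[1] { live[$1] = 1; next }
        FILENAME == ARGV[2] { claim($1, $2); next }
        /dropbear\[[0-9]+\]/ && /auth succeeded/ {
            pid = $0;  sub(/^.*dropbear\[/, "", pid);  sub(/\].*$/, "", pid)
            user = $0; sub("^[^" q "]*" q, "", user);  sub(q ".*$", "", user)
            claim(pid, user)
        }
        END { for (u in newest) print newest[u], u > out }
    ' "$live" "$state" - && mv "$tmp" "$state"
}

demo() {    # constructed data: PID 2001 is the listener, vpn1 is a made-up host
    local d; d=$(mktemp -d) || return 1
    printf '%s\n' 2001 2101 2102 2103 > "$d/live"
    reconcile "$d/state" "$d/live" <<'EOF'
Mar 01 10:00:01 vpn1 dropbear[2101]: Password auth succeeded for 'alice' from 203.0.113.5:40112
Mar 01 10:00:07 vpn1 dropbear[2102]: Password auth succeeded for 'bob' from 198.51.100.7:51820
Mar 01 10:02:30 vpn1 dropbear[2103]: Password auth succeeded for 'alice' from 192.0.2.44:33010
EOF
    # Second pass: alice logged out and back in (2110), bob opened a second session.
    printf '%s\n' 2001 2102 2110 2111 > "$d/live"
    reconcile "$d/state" "$d/live" <<'EOF'
Mar 01 10:05:11 vpn1 dropbear[2110]: Password auth succeeded for 'alice' from 203.0.113.5:40990
Mar 01 10:05:40 vpn1 dropbear[2111]: Password auth succeeded for 'bob' from 192.0.2.90:45001
EOF
    rm -rf "$d"
}
demo
```

In a real loop the new lines would come from something like `journalctl -t dropbear --cursor-file=FILE` (assuming the daemon logs under the identifier `dropbear`), captured before the `pgrep -x dropbear` snapshot so a session that has just authenticated is not dropped as dead. Each printed PID is then passed to `kill`.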