Is forbidding concurrent ssh sessions a good idea?

Elazar Leibovich elazarl at gmail.com
Mon Nov 12 10:05:02 IST 2012


I'm considering disallowing concurrent ssh sessions on a single-purpose
production machine (say, a DB server).

I thought of replacing the default shell with a shell that keeps its pid
file in a central place. If such a file already exists, it'll kill the other
running shell before logging in.

Something like

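    export LOCKFILE=/tmp/singleshell.pid
    # Repeat until the lock file holds our own PID ($$; the exec below keeps it).
    while [ "$(cat "$LOCKFILE" 2>/dev/null)" != "$$" ]; do
        old=$(cat "$LOCKFILE" 2>/dev/null)
        if [ -n "$old" ]; then
            kill "$old" 2>/dev/null      # ask the other shell to exit
            sleep 1
            kill -9 "$old" 2>/dev/null   # force it if it is still running
        fi
        echo $$ >"$LOCKFILE"             # record our PID as the current shell
    done

    exec /bin/sh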

The benefits of that are making sure it is always one man fixing the
server (what can happen is that two people get a call "help, server is not
working" and forget to check who else is logged in in the rush), and
the option of streamlined logging. I'll use sudosh2 or some similar
recording shell/recording terminal, and I'll have the exact log of what
happened, no need to correlate events in two shells.

I'd like to hear your opinion and/or experience with such a scheme.

Thanks
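
One way to harden the PID-file scheme described above (an added example, not the poster's code): the PID file lives in a directory that only the admin account can write, its content is validated before it reaches kill, and the recorded process is checked against an expected name before it is signalled. LOCKDIR, HOLDER_COMM, the /run/singleshell path and the install name "singleshell" are assumptions, as are a single shared admin account and a Linux /proc.

```shell
#!/bin/sh
# Added example. LOCKDIR, HOLDER_COMM and the name "singleshell" are assumed.
# LOCKDIR: owned by the shared admin account, mode 0700, unlike /tmp.
LOCKDIR=${LOCKDIR:-/run/singleshell}
HOLDER_COMM=${HOLDER_COMM:-sh}   # process name the lock holder must have

# Print the recorded PID only if the file is a regular file holding digits.
# Unvalidated content such as "-1" would make kill signal every process.
read_holder() {
    f=$LOCKDIR/shell.pid
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    pid=$(cat "$f") || return 1
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    echo "$pid"
}

# True if PID $1 is alive and is the expected program. Guards against a
# stale file whose PID was reused by an unrelated process (Linux /proc).
is_holder() {
    [ "$(cat "/proc/$1/comm" 2>/dev/null)" = "$HOLDER_COMM" ]
}

# Hang up the old session, wait up to 5 seconds, then force it.
evict() {
    kill -HUP "$1" 2>/dev/null || return 0
    n=0
    while kill -0 "$1" 2>/dev/null && [ "$n" -lt 5 ]; do
        sleep 1; n=$((n + 1))
    done
    kill -KILL "$1" 2>/dev/null || :
}

# Take over the session slot for PID $1. The new PID is published with a
# rename, so a reader never sees a partial file. Two logins arriving at
# the same instant are not serialized here.
claim() {
    if old=$(read_holder) && [ "$old" != "$1" ] && is_holder "$old"; then
        evict "$old"
    fi
    tmp=$(mktemp "$LOCKDIR/.pid.XXXXXX") || return 1
    echo "$1" >"$tmp" && mv -f "$tmp" "$LOCKDIR/shell.pid"
}

# Act as the login shell only when installed under the assumed name.
case $0 in
    *singleshell*) claim "$$" || exit 1; exec /bin/sh ;;
esac
```

If the slot cannot be claimed the login fails instead of starting a second, unrecorded shell.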