Is forbidding concurrent ssh sessions a good idea?
E.S. Rosenberg
esr+linux-il at g.jct.ac.il
Mon Nov 12 18:32:25 IST 2012
2012/11/12 Yedidyah Bar-David <linux-il at didi.bardavid.org>:
> On Mon, Nov 12, 2012 at 12:51:46PM +0200, Nadav Har'El wrote:
>> On Mon, Nov 12, 2012, Elazar Leibovich wrote about "Re: Is forbidding concurrent ssh sessions a good idea?":
>> > While I can certainly see what's broken with it for using a regular
>> > computer, whose stability I do not value much, and while there are
>> > difficulties this may cause, do you see anything specific that will break
>> > in the use case of a production server?
>>
>> Let me offer another completely different idea, without any kills and
>> similar tricks: End your ~/.profile with "screen -R -D"
>>
>> What will this do?
>>
>> The login shell will start screen(1), and let the admin work in it.
>> If another admin logs in, he doesn't just kill the existing session - he
>> also takes over the existing instance of "screen", and can see what the
>> other admin was in the middle of doing.
>>
>> This "screen" will also allow the admin to have multiple screens - which
>> you prevent him from doing with several separate sshs, so he'll
>> appreciate "screen" anyway.
>>
>> If you don't know screen(1), I suggest you learn it - it is an
>> absolutely wonderful tool.
>
> ...and also look at its '-x' option which will allow sharing a session
> from two (or more) connections. This way your two admins will be able
> to talk over the phone while solving a problem together and not having
> to tell each other what they did and what happened.
>
> And while at it, also have a look at tmux, which is a screen replacement.
+1 for tmux, this does however imply that all the admins are using the
same account to login (bad scenario) with or instead the tmux/screen
line should be added at the end of /root/.profile and not ~/.profile
Just note that tmux inside of tmux or screen inside of screen tend to
behave bad/not work, screen inside of tmux works, I never tried the
other way around.
Regards,
Eliyahu - אליהו
> --
> Didi
>
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
More information about the Linux-il
mailing list