<div dir="ltr">I'm considering to disallow concurrent ssh sessions on a single-purpose production machine (say, DB server).<div><br></div><div>I thought of replacing the default shell with a shell that keeps its pid file in a central place. If such a file already exist, it'll kill the other running shell before logging in.</div>
<div><br></div><div>Something like</div><div><br></div><div><font face="courier new, monospace"> export LOCKFILE=/tmp/singleshell.pid</font></div><div><font face="courier new, monospace"> while [ "$(cat $LOCKFILE)" -eq "$LOCKFILE" ]; do</font></div>
<div><font face="courier new, monospace"> kill $(cat "$LOCKFILE")</font></div><div><font face="courier new, monospace"> sleep 1</font></div><div><font face="courier new, monospace"> kill -9 $(cat "$LOCKFILE")<br>
</font></div><div><font face="courier new, monospace"> echo $PID >$LOCKFILE</font></div><div><font face="courier new, monospace"> done</font></div><div><font face="courier new, monospace"> </font></div><div>
<font face="courier new, monospace"> exec /bin/sh</font></div><div><font face="courier new, monospace"><br></font></div><div><font face="arial, helvetica, sans-serif">The benefits of that are, making sure it is always one man fixing the server (what can happen is two people get a call "help, server is not working", and forgetting to check who else is logged in in the rush). And, the option of streamline logging. I'll use sudosh2 or some similar recording shell/recording terminal, and I'll have the exact log of what happened, no need to correlate events in two shells.</font></div>
<div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">I'd like to hear your opinion and/or experience with such a scheme.</font></div><div><font face="arial, helvetica, sans-serif"><br>
</font></div><div><font face="arial, helvetica, sans-serif">Thanks</font></div></div>