Is forbidding concurrent ssh sessions a good idea?
Yedidyah Bar-David
linux-il at didi.bardavid.org
Mon Nov 12 13:02:57 IST 2012
On Mon, Nov 12, 2012 at 12:51:46PM +0200, Nadav Har'El wrote:
> On Mon, Nov 12, 2012, Elazar Leibovich wrote about "Re: Is forbidding concurrent ssh sessions a good idea?":
> > While I can certainly see what's broken with it for using a regular
> > computer, whose stability I do not value much, and while there are
> > difficulties this may cause, do you see anything specific that will break
> > in the use case of a production server?
>
> Let me offer another completely different idea, without any kills and
> similar tricks: End your ~/.profile with "screen -R -D"
>
> What will this do?
>
> The login shell will start screen(1), and let the admin work in it.
> If another admin logs in, he doesn't just kill the existing session - he
> also takes over the existing instance of "screen", and can see what the
> other admin was in the middle of doing.
>
> This "screen" will also allow the admin to have multiple screens - which
> you prevent him from doing with several separate sshs, so he'll
> appreciate "screen" anyway.
>
> If you don't know screen(1), I suggest you learn it - it is an
> absolutely wonderful tool.
...and also look at its '-x' option which will allow sharing a session
from two (or more) connections. This way your two admins will be able
to talk over the phone while solving a problem together and not having
to tell each other what they did and what happened.
And while at it, also have a look at tmux, which is a screen replacement.
--
Didi
More information about the Linux-il
mailing list