When you log in with ssh, the file /etc/limits is not read and applied
like it is when you log in on the console. I have found some very
old patches for openssh by slackware users (other distributions usually
do not use /etc/limits; they use PAM -> /etc/security/limits.conf),
but no recent ones for recent openssh versions. Does this mean
that slackers just aren't interested in usage limits anymore ? Or that
there is a better way to obtain the same effect ?

(I know that there are other ways, but I do not know of any other
*clean* ways to impose such limits -- except pam-ification of course.)

Dirk van Deun
--
Ceterum censeo Redmond delendum

Dirk van Deun wrote:
> When you log in with ssh, the file /etc/limits is not read and applied
> like it is when you log in on the console. I have found some very
> old patches for openssh by slackware users (other distributions usually
> do not use /etc/limits; they use PAM -> /etc/security/limits.conf),
> but no recent ones for recent openssh versions. Does this mean
> that slackers just aren't interested in usage limits anymore ? Or that
> there is a better way to obtain the same effect ?
>
> (I know that there are other ways, but I do not know of any other
> *clean* ways to impose such limits -- except pam-ification of course.)
>
> Dirk van Deun

This is a patch for current openssh, with this patch it will obbey
/etc/limits.

http://miha.krneki.org/patches/opens...1-limits.patch

--
Miha

Dirk van Deun wrote:

> (I know that there are other ways, but I do not know of any other
> *clean* ways to impose such limits -- except pam-ification of course.)

I have a small /etc/profile.d/limits.sh script that gets executed for bash
users and imposes limits. That may be an option for you.

Dominik L. Borkowski wrote:
> Dirk van Deun wrote:
>
>
>>(I know that there are other ways, but I do not know of any other
>>*clean* ways to impose such limits -- except pam-ification of course.)
>
>
> I have a small /etc/profile.d/limits.sh script that gets executed for bash
> users and imposes limits. That may be an option for you.

....and this script can be easilly stoped before it's executed by
clamping ctrl+c upon entering password...

--
Miha

Miha Verlic wrote:
>
> ...and this script can be easilly stoped before it's executed by
> clamping ctrl+c upon entering password...
>

the user doing the ctrl-c would have to be really really fast me thinks

: This is a patch for current openssh, with this patch it will obbey
: /etc/limits.

: http://miha.krneki.org/patches/opens...1-limits.patch

That is a clean and current solution, indeed. Thanks.

Dirk van Deun
--
Ceterum censeo Redmond delendum

Miha Verlic wrote:

>> I have a small /etc/profile.d/limits.sh script that gets executed for
>> bash users and imposes limits. That may be an option for you.
>
> ...and this script can be easilly stoped before it's executed by
> clamping ctrl+c upon entering password...

As somebody has mentioned before, pressing ctrl-c would be a daunting task.
Either way, the solution by no means is bulletproof, and it was never meant
to be. It's to stop casual/random/unintentional abuse of resources rather
than to keep script kiddies at bay from running a fork bomb or use up
memory.

Martin Lefebvre wrote:
> Miha Verlic wrote:
>
>>
>> ...and this script can be easilly stoped before it's executed by
>> clamping ctrl+c upon entering password...
>>
>
> the user doing the ctrl-c would have to be really really fast me thinks

actually no - slow line or overloaded CPU and you can easily cancel
execution of profile

--
Miha