Topic: sshd, reject new connections, but let existing finish

[loejf]

Hi.
Does anyone know, if it is possibled on sme 7.4 openssh dæmon, to reject new ssh connections, and at the same time let existing connections finish. So you can have a schedule without connections??

Loejf

[Stefano]

please explain your probkem/what you are trying to achieve, not tha solution

[loejf]

Hi.
The problem is, that we do have a lot of ssh connections to our server, and we are not able to manage those connections. When we for maintenance options ex. wants to reboot or alike, we want to do it, when there are no open connections, but we dont want to cut of existing connections, but wait for them to finish, and therefore we dont want any new connections in the meantime.

Loejf

[Stefano]

Hi.
The problem is, that we do have a lot of ssh connections to our server, and we are not able to manage those connections. When we for maintenance options ex. wants to reboot or alike, we want to do it, when there are no open connections, but we dont want to cut of existing connections, but wait for them to finish, and therefore we dont want any new connections in the meantime.

Loejf

many users connected via ssh to a console or just for ssh tunnels?

if the first, you can send a wall message to everybody to disconnect

[loejf]

clients using sftp.

No wall message possible. The clients connect by scripting, and automatically.
In connection rejected, they will try again later.

[mmccarn]

Before the ssh port could be set in server-manager I wrote wiki instructions on changing it manually.

At that time (SME 7.1.3 / 7.2), changing the port would leave existing connections "up", while forcing new connections to use the new port.

That is, I could *remotely* connect to sshd on port 22, change the port to 222, connect to sshd on port 222 and still have two connections open (the original on 22 and the new one on 222).

You may be able to use this to your advantage; my notes/instructions can be found at http://wiki.contribs.org/SSH_Port#Annotated_Version_.28same_as_.22Summary_Version.22.2C_but_with_explanations_.26_verification.29

[loejf]

Hi.
Thank you very much.
That could be a way of doing it. Temporarily changing the port, do the stuff, and then turn the original back on.
And done by scripting, it should be a thing to overcome.
Loejf