Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: loejf on December 17, 2009, 03:33:42 PM

Title: sshd, reject new connections, but let existing finish
Post by: loejf on December 17, 2009, 03:33:42 PM
Hi.
Does anyone know if it is possible, on the SME 7.4 openssh dæmon, to reject new ssh connections and at the same time let existing connections finish, so you can have a schedule without connections?

Loejf
Title: Re: sshd, reject new connections, but let existing finish
Post by: Stefano on December 17, 2009, 03:48:14 PM
Please explain your problem/what you are trying to achieve, not the solution ;-)
Title: Re: sshd, reject new connections, but let existing finish
Post by: loejf on December 17, 2009, 05:20:02 PM
Hi.
The problem is that we have a lot of ssh connections to our server, and we are not able to manage those connections. When we, for maintenance options, e.g. want to reboot or the like, we want to do it when there are no open connections, but we don't want to cut off existing connections, but wait for them to finish, and therefore we don't want any new connections in the meantime.

Loejf
Title: Re: sshd, reject new connections, but let existing finish
Post by: Stefano on December 17, 2009, 06:17:30 PM
> Hi.
> The problem is that we have a lot of ssh connections to our server, and we are not able to manage those connections. When we, for maintenance options, e.g. want to reboot or the like, we want to do it when there are no open connections, but we don't want to cut off existing connections, but wait for them to finish, and therefore we don't want any new connections in the meantime.
>
> Loejf

Many users connected via ssh to a console or just for ssh tunnels?

If the first, you can send a wall message to everybody to disconnect.
Title: Re: sshd, reject new connections, but let existing finish
Post by: loejf on December 17, 2009, 06:29:07 PM
Clients using sftp.

No wall message possible. The clients connect by scripting, and automatically.
If a connection is rejected, they will try again later.
Title: Re: sshd, reject new connections, but let existing finish
Post by: mmccarn on December 18, 2009, 05:01:36 PM
Before the ssh port could be set in server-manager I wrote wiki instructions on changing it manually.

At that time (SME 7.1.3 / 7.2), changing the port would leave existing connections "up", while forcing new connections to use the new port.

That is, I could *remotely* connect to sshd on port 22, change the port to 222, connect to sshd on port 222 and still have two connections open (the original on 22 and the new one on 222).

You may be able to use this to your advantage; my notes/instructions can be found at http://wiki.contribs.org/SSH_Port#Annotated_Version_.28same_as_.22Summary_Version.22.2C_but_with_explanations_.26_verification.29
Title: Re: sshd, reject new connections, but let existing finish
Post by: loejf on December 18, 2009, 09:46:34 PM
Hi.
Thank you very much.
That could be a way of doing it: temporarily change the port, do the stuff, and then turn the original back on.
And done by scripting, it should be a thing to overcome.
Loejf
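
The waiting step of the approach discussed above (move sshd to another port, let the sessions on the old port finish, do the maintenance, move it back), as an added example that is not part of any post in this thread. The port change itself is left to the wiki instructions linked above; the function names and sample addresses are constructed, and the input format assumed is that of Linux `netstat -tn`.

```sh
#!/bin/sh
# Added example (not from the thread): wait until no SSH/SFTP session is still
# attached to the OLD sshd port after the listener has been moved elsewhere.

# count_established PORT: read `netstat -tn` output on stdin and print how many
# ESTABLISHED TCP connections have PORT as their LOCAL port.
count_established() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
            n = split($4, a, ":")   # last ":" field is the port, also for ::ffff:a.b.c.d:22
            if (a[n] == p) c++
        }
        END { print c + 0 }'
}

# wait_for_drain PORT INTERVAL TRIES [CMD]: poll CMD (default: netstat -tn)
# until PORT has no established sessions. Returns 0 when drained, 1 on timeout.
wait_for_drain() {
    port=$1 interval=$2 tries=$3 src=${4:-netstat -tn}
    while [ "$tries" -gt 0 ]; do
        left=$($src | count_established "$port")
        if [ "$left" -eq 0 ]; then
            return 0
        fi
        echo "$left session(s) still on port $port" >&2
        tries=$((tries - 1))
        sleep "$interval"
    done
    return 1
}

# Constructed sample output (documentation addresses), standing in for netstat.
sample_busy() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 192.0.2.10:22               198.51.100.7:51234          ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:22        ::ffff:198.51.100.8:40022   ESTABLISHED
tcp        0      0 192.0.2.10:222              198.51.100.9:50000          ESTABLISHED
tcp        0      0 192.0.2.10:22               198.51.100.5:41000          TIME_WAIT
tcp        0      0 192.0.2.10:39000            203.0.113.4:22              ESTABLISHED
EOF
}
# Same sample with every line that mentions port 22 removed (old port drained).
sample_idle() { sample_busy | grep -v ':22 '; }
```

Only the local address column is matched, so outbound ssh sessions from the server itself (remote port 22) and sessions on the temporary port do not hold up the maintenance window; a non-zero return from `wait_for_drain` means the timeout was reached with sessions still open.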