[WBEL-users] Howto Limit the priority for ssh tunnel?

Pablo Silva psilvao@yahoo.com
Wed, 15 Dec 2004 09:00:52 -0800 (PST) 

Dear People:

I need help for to solve this problem, next I present
the problem and commentaries that I have received in
comp.security.ssh

Thanks in advance for any hint.

-Pablo

-----START -----------------------
Autor:Pablo Silva O (psilvao@yahoo.com)
Asunto:Howto Limit the priority for ssh tunnel?
 
View this article only
Grupos de noticias:comp.security.ssh
Fecha:2004-12-12 04:15:52 PST

Dear People:

     I'm a Linux Administrator, I would like to limit
the priority
for user's ssh tunnels.

     I put this information in
/etc/security/limits.conf

jhon         hard    priority        19
jhon         hard    cpu             10
jhon         soft    nproc           20
jhon         hard    nproc           50

     But jhon make ssh tunnel from your house, as you
see:

11255 jhon   15   0  2176 2176  1776 S     0,0  0,4  
0:00   0 sshd
11263 jhon   15   0  2176 2176  1776 S     0,0  0,4  
0:00   0 sshd
11265 jhon   15   0  2176 2176  1776 S     0,0  0,4  
0:00   0 sshd
11266 jhon   15   0  2176 2176  1776 S     0,0  0,4  
0:00   0 sshd
11269 jhon   15   0  2176 2176  1776 S     0,0  0,4  
0:00   0 sshd
11271 jhon   15   0  2176 2176  1776 S     0,0  0,4  
0:00   0 sshd
11273 jhon   15   0  2176 2176  1776 S     0,0  0,4  
0:00   0 sshd
11275 jhon   15   0  2176 2176  1776 S     0,0  0,4  
0:00   0 sshd
11277 jhon   15   0  2176 2176  1776 S     0,0  0,4  
0:00   0 sshd
11284 jhon   15   0  2176 2176  1776 S     0,0  0,4  
0:00   0 sshd
22931 jhon   23   0  2144 2144  1768 S     0,0  0,4  
0:00   0 sshd
22946 jhon   23   0  2144 2144  1768 S     0,0  0,4  
0:00   0 sshd

 Jhon has not priority 19 but 0, why this? what I need
configurate
for renice your tunnels to low level priority?, My
Linux server is critical
and I need control for this.

Thank's in Advance for any hint.

- Pablo

Publicar un comentario acerca de este mensaje
Mensaje 2 de la secuencia
Autor:Richard E. Silverman (res@qoxp.net)
Asunto:Re: Howto Limit the priority for ssh tunnel?
 
View this article only
Grupos de noticias:comp.security.ssh
Fecha:2004-12-12 11:21:01 PST

limits.conf is used by PAM -- so your sshd needs to be
built with PAM
support, and also PAM needs to be configured to apply
the pam_limits
module to sshd.

-- 
  Richard Silverman
  res@qoxp.net

Publicar un comentario acerca de este mensaje
Mensaje 3 de la secuencia
Autor:Pablo Silva O (psilvao@yahoo.com)
Asunto:Howto Limit the priority for ssh tunnel?
 
View this article only
Grupos de noticias:comp.security.ssh
Fecha:2004-12-13 01:33:41 PST

limits.conf is used by PAM -- so your sshd needs to be
built with PAM
support, and also PAM needs to be configured to apply
the pam_limits
module to sshd.

-- 
  Richard Silverman
  res@qoxp.net

Richard:

    Is very very curious, because I'm using
whiteboxlinux distribution
, it's a RHEL 3.0 clon and I can see in
/etc/pam.d/sshd this information

#%PAM-1.0
auth       required     pam_stack.so
service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so
service=system-auth
password   required     pam_stack.so
service=system-auth
session    required     pam_stack.so
service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so

  What's the wrong?, you see pam_limits.so but it's
ignored by sshd
why?

Greetings,
-Pablo

Publicar un comentario acerca de este mensaje
Mensaje 4 de la secuencia
Autor:k (blah!!!*@gmail.com)
Asunto:Re: Howto Limit the priority for ssh tunnel?
 
View this article only
Grupos de noticias:comp.security.ssh
Fecha:2004-12-13 07:31:33 PST

Pablo Silva O wrote:

> limits.conf is used by PAM -- so your sshd needs to
be built with PAM
> support, and also PAM needs to be configured to
apply the pam_limits
> module to sshd.
> 

Could just change the 'nice' level for the process..

Publicar un comentario acerca de este mensaje
Mensaje 5 de la secuencia
Autor:Pablo Silva O (psilvao@yahoo.com)
Asunto:Howto Limit the priority for ssh tunnel?
 
View this article only
Grupos de noticias:comp.security.ssh
Fecha:2004-12-14 02:05:37 PST

Pablo Silva O wrote:

> limits.conf is used by PAM -- so your sshd needs to
be built with PAM
> support, and also PAM needs to be configured to
apply the pam_limits
> module to sshd.
> 

k wrote:

>>Could just change the 'nice' level for the process..

Hi! K

   I'm agree with you, but if exist limits.conf and
it's works for 
all the users but no for jhon, I think that I need
extra configuration...
the problem I could solve making a bash script + cron
so that 
when find to jhon make nice for all your process.

   I think that something it's wrong, but what?, ssh
is a rpm
package compiled for whiteboxlinux, you can see exits
sshd pam file
but dosen't works whit ssh tunnel, it's  very very
curious..

Greetings,
Pablo


		
__________________________________ 
Do you Yahoo!? 
Take Yahoo! Mail with you! Get it on your mobile phone. 
http://mobile.yahoo.com/maildemo