SSH Session administrating

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi I use the ssh-server by fsecure and habe already tried out openssh and
that one by,
and all products work fine, but I wonder how to administrate online
How can I realize that some user has establish a connection to the server or
whether not ?
Sometimes you have to cancel one unlikeable/unallowed  personīs connection
have to restart the server.  I wonder how the administrator should know if
it is ok to restart the server or
if he is just going to interrupt some important filetransfer.

Can anybody help me out of conflict ?

Re: SSH Session administrating


Quoted text here. Click to load it

At least with OpenSSH's sshd, established sessions will stay alive
whenn you kill or restart the master sshd. And I don't think that
other sshds handle this differently.



Thomas Binder (Gryf @ IRCNet)
PGP-key available on request!

Re: SSH Session administrating

Thomas Binder wrote:

Quoted text here. Click to load it

This trick *usually* works just fine. If, however, you have just
replaced your sshd and restarted the daemon, I've had fascinating
problems with the ssh client used to do the work refusing to exit
gracefully. I'm not sure why this happened, but I've had to handcraft a
tool to do the ssh command to do the remote installation, restart the
daemon, then slap the ssh connection in the head to close it and keep it
from never exiting.

Re: SSH Session administrating

Nico Kadel-Garcia wrote:

Quoted text here. Click to load it
From a dated O'Reilly ssh bk the recommended practice is to:
kill -HUP `cat /path/to/`
Are your clients still in the need for a slap in the head if this method is
used instead of a kill and start?
Still working my way thru the book as to how I want OpenSSH to be configured
so thought I would ask the real world.

Re: SSH Session administrating

PDock wrote:
Quoted text here. Click to load it

They did. That recommended practice is precisely what the RedHat and
other init scripts use to restart the SSH daemon.

Quoted text here. Click to load it

It's been a while since I did that: the more recent RedHat RPM based
updates, for example, seem to work more gracefully. I used to have to
deal with a lot of hand-spun binary deployments, and got very cranky
about the weirdnesses I didn't have lots and lots of time to track down,
things that didn't operate *quite* right such as trying to reboot a
machine with an SSH login that is refusing to release its old, broken
NFS mounts. That would kill the SSHD before successfully releasing the
NFS mounts, and someone would have to walk over and power cycle the
machine to complete the reboot process.

Compiling openssh with pam


I am compiled openssh3.6.1p2 with PAM and using RSA Security (ACE) token.

the command I used to compile ssh as follow:

1. ./configure --with-pam

2. make

3. make install

After starting  the sshd daemon, I  authenticate using the command


On the SecurID server I was watching the log monitor and I saw the following
errors :

"ACCESS DENIED, syntax error" before I get the prompt for Passcode

and when I put my passcode, it let me login. Doing that for several time

SecurID puts me in the "next token code" and then disable my token.

I called RSA security and we found out that the problem was in the openssh.

when RSA sent me a compiled openssh that can be found on the internet, then

everything worked just fine with no errors.

The fact is that we can not depend on finding a compiled openssh with PAM on

internet, so I compiled my own version with Pam

but Of course I am sure I am missing some compilation switches and options.

SO my question to you is :

How do I compile an openssh that works with PAM on Unix or Linux.

Than you very much

Udi Gamliel


Udi Gamliel


Tel - 301-435-1968

10401 Fernwood 20814

Site Timeline