Restrict maximum number of SSH logins of a user

Similar Messages

• Maximum number of fabric logins

  Hi there
  I need to provide documented references for a large SAN, and have a few queries.
  I have the show tech-supports for an edge-core-edge SAN consisting of 2 redundant fabrics.
  There are 4 host edges, 1 core, 4 storage edges per fabric. All are MDS 9500 series directors, running SAN-OS 3.2.2a.
  In the Large SAN Design Best Practices whitepaper
  (http://www.cisco.com/en/US/prod/collateral/ps4159/ps6409/ps5990/white_paper_C11-515630.pdf)
  there is a reference to the maximum number of fabric logins.
  "The Cisco MDS Family supports up to 10,000 fabric logins in a physical fabric, regardless of the number of VSANs in the network."
  1) Is this specifically refering to the number of f_ports?
  2) If not, what is the 10,000 referring to?
  In the Cisco MDS NX-OS Release 5.0 Configuration Limits
  (http://www.cisco.com/en/US/docs/switches/datacenter/mds9000/sw/5_0/configuration/guides/limits/limits_50.html)
  there is a mention of 10000 FCNS entries per fabric.
  This is the only reference I can find that correlates the two limits.
  The Configuration Limits for Cisco MDS SAN-OS Release 3.x
  (http://www.cisco.com/en/US/products/ps5989/prod_troubleshooting_guide_chapter09186a0080679fd4.html)
  makes no mention of FCNS or fabric login limits.
  3) Is the reference to 10000 FCNS entries (in the NX-OS 5 limits) also the number of fabric logins?
  In the show tech-support, there is a command
  `show tech-support fcns`
  `show fcns database vsan 1-4093`
  VSAN 431:
  FCID        TYPE  PWWN                    (VENDOR)        FC4-TYPE:FEATURE
  0x050002    N     50:06:04:8c:52:a6:c0:69 (EMC)           scsi-fcp 253
  0x050003    N     50:06:04:84:52:a6:c0:49 (EMC)           scsi-fcp:both 253
  0x050004    N     50:06:04:8c:52:a6:c0:49 (EMC)           scsi-fcp 25
  <.. output abbreviated for brevity>>
  Total number of entries = 1066
  4) Does this mean that there are 1066 fabric logins?
  When I look further in to it, and see the command
  `show fcns database detail vsan 1-4093`
  VSAN:431   FCID:0x0500b1
  port-wwn (vendor)           :10:00:00:00:c9:72:4d:9c (Emulex)   
                               [nus157_hba0_0]
  node-wwn                    :20:00:00:00:c9:72:4d:9c
  class                       :3
  node-ip-addr                :0.0.0.0
  ipa                         :ff ff ff ff ff ff ff ff
  fc4-types:fc4_features      :ipfc scsi-fcp
  symbolic-port-name          :
  symbolic-node-name          :Emulex LPe11002-S FV2.82a4 DV2.50o
  port-type                   :N
  port-ip-addr                :0.0.0.0
  fabric-port-wwn             :21:07:00:0d:ec:3a:44:c0
  hard-addr                   :0x000000
  permanent-port-wwn (vendor) :10:00:00:00:c9:72:4d:9c (Emulex) 
  It shows that most of the entries have the port-type: N.
  5) Does this mean they are N_ports, not F_ports?
  I would really appreaciate answers to these questions.

  John,
  Cisco NXOS Configuration Limits (reference/background link)
  1) Is this specifically refering to the number of f_ports?
       Answer: Yes, the 10k logins in the Design Guide Whitepaper refer to the number of Fabric logins, not the number of physical ports.  This is because you could have a single F_Port that has multiple logins as part of it.  For example, an Nexus 5000 in NPV mode could connect to a MDS 9513 via one F_port (NP_Port on the Nexus 5k), but have many Fabric Logins (technically, one FLOGI and multiple FDISC).
  2) If not, what is the 10,000 referring to?
       Answer: Number of devices logged into the Fabric not the number of ports in the fabric.
  3) Is the reference to 10000 FCNS entries (in the NX-OS 5 limits) also the number of fabric logins?
       Answer: Yes, since every device out there that FLOGIs into the fabric registers with the nameserver.
  4) In the below output does this mean that there are 1066 fabric logins?
  In the show tech-support, there is a command
  `show tech-support fcns`
  `show fcns database vsan 1-4093`
  VSAN 431:
  FCID        TYPE  PWWN                    (VENDOR)        FC4-TYPE:FEATURE
  0x050002    N     50:06:04:8c:52:a6:c0:69 (EMC)           scsi-fcp 253
  0x050003    N     50:06:04:84:52:a6:c0:49 (EMC)           scsi-fcp:both 253
  0x050004    N     50:06:04:8c:52:a6:c0:49 (EMC)           scsi-fcp 25
  <.. output abbreviated for brevity>>
  Total number of entries = 1066
  Answer: Yes.
  5) Does this mean they are N_ports, not F_ports?
  When I look further in to it, and see the command
  `show fcns database detail vsan 1-4093`
  VSAN:431   FCID:0x0500b1
  port-wwn (vendor)           :10:00:00:00:c9:72:4d:9c (Emulex)   
                               [nus157_hba0_0]
  node-wwn                    :20:00:00:00:c9:72:4d:9c
  class                       :3
  node-ip-addr                :0.0.0.0
  ipa                         :ff ff ff ff ff ff ff ff
  fc4-types:fc4_features      :ipfc scsi-fcp
  symbolic-port-name          :
  symbolic-node-name          :Emulex LPe11002-S FV2.82a4 DV2.50o
  port-type                   :N
  port-ip-addr                :0.0.0.0
  fabric-port-wwn             :21:07:00:0d:ec:3a:44:c0
  hard-addr                   :0x000000
  permanent-port-wwn (vendor) :10:00:00:00:c9:72:4d:9c (Emulex) 
  It shows that most of the entries have the port-type: N.
  Answer: An N_Port is an end device like a storage port or an HBA, which connects to an F_Port (Fabric Port) which is the corresponding port on the switch.  This is why you see it as an port-type of N, rather than NL (Node Loop) F, E, or FL (Fabric Loop), as only N or NL can represent the end device itself and not the port on the switch.
  Hope this helps,
  Seth

• Set "Maximum number of recipients" option for specific users in Exchange 2010

  I have some set of users who usually send bulk emails outside. I need to increase the value for these users for"Maximum number of recipients" as 999.
  Any help or suggestion is appreciated.
  Thanks,
  RIWAA
  RIWA

  Hi Riwa ,
  Really sorry for providing the wrong value on MaxRecipientEnvelopeLimit in my previous post.
  The default value for MaxRecipientEnvelopeLimit is 5000
  Reference Link : http://technet.microsoft.com/en-us/library/bb124151%28v=exchg.150%29.aspx
  MaxRecipientEnvelopeLimit
  Optional
  Microsoft.Exchange.Data.Unlimited
  This parameter is available only in on-premises Exchange 2013.
  The MaxRecipientEnvelopeLimit parameter specifies the maximum number of recipients in a message. The default value is 5000. The valid input range for this parameter is from 0 through 2147483647.
  If you enter a value ofUnlimited, no limit is imposed on the number of recipients in a message. Exchange treats an unexpanded distribution group as one recipient.
  ANDY thanks a lot for intimating and making me to have a clear understanding on this case.
  Thanks & Regards S.Nithyanandham

• Disable GUI/SSH Login for specific users

  I have two groups,
  sshonly
  guionly
  As the name suggestes i want only ssh login permitted to the first group of users and only gui login permitted to the next group of users.
  Is it possible?

  Ok Solved it. This is what i did.
  Create a user with "standard" previlage not "sharing only"
  Because "sharing only" user has no shell or no home directory. You need both of that for ssh login.
  To Enable sshSelect the user/group in remote access option system preferences -> sharing
  To Disable sshDont select the user
  To Enable GUI LoginDefault enabled, so dont have to do anything again
  To Disable GUI Login
  There are two things you can do (http://hints.macworld.com/article.php?story=20080127172157404)
  Disable all the user with userid less than 500 to not have a gui login, this is the command for that
  $ sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
  Or else add specific users to the hiddenuser list, i prefer this one, because we don't have to change the user id just for this.
  $ sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array $USERNAME
  And finally remove the other option from the login window
  $ sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE

• Maximum number of MRAS requests / allocations per user?

  Hello,
  I have a test C++ SIP application that registers to a Lync edge server and is able to perform MRAS requests to it.
  The MRAS responses allow me to create TURN allocations on the TURN component of the edge server. However, I seem to be hitting a limit with the number of simultaneous TURN allocations I can create with a single registration.  I seem to be able to create
  a maximum of 50 TURN allocations for that single registration.
  Is this a configurable option - either per user / per edge server etc - for the maximum number of TURN allocations a single Lync user can simultaneously have?  Or is there anything else I can put in the SIP/TURN signalling to increase this limit?
  Many thanks,
  Simon

  Hi,
  You may need to custom your own Lync server, so you might post the issue on Lync MSDN forum and more developing expert will help to verify the information using Lync SDK. Thank you for your understanding.
  http://social.msdn.microsoft.com/Forums/en-US/communicatorsdk/threads
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• How to find out maximum number of sessions allowed to a user?

  Hello all,
  Can you please tell me how can I find out the maximum concurrent sessions are allowed to a particular or all users in the Oracle database?
  I am currently using the Oracle 9.0.2 database server.
  I tried to query v$license, it gave me NULL records.
  Thanks in advance
  Himanshu

  Users have a profile. example :
  CREATE PROFILE DEFAULT LIMIT
            SESSIONS_PER_USER UNLIMITED
            CPU_PER_SESSION UNLIMITED
            CPU_PER_CALL UNLIMITED
            CONNECT_TIME UNLIMITED
            IDLE_TIME UNLIMITED
            LOGICAL_READS_PER_SESSION UNLIMITED
            LOGICAL_READS_PER_CALL UNLIMITED
            COMPOSITE_LIMIT UNLIMITED
            PRIVATE_SGA UNLIMITED
            FAILED_LOGIN_ATTEMPTS UNLIMITED
            PASSWORD_LIFE_TIME UNLIMITED
            PASSWORD_REUSE_TIME UNLIMITED
            PASSWORD_REUSE_MAX UNLIMITED
            PASSWORD_LOCK_TIME UNLIMITED
            PASSWORD_GRACE_TIME UNLIMITED
            PASSWORD_VERIFY_FUNCTION NULL;
  SESSIONS_PER_USER is the one you are looking for. You can find more here:
  Select * FROM SYS.DBA_PROFILES WHERE PROFILE = :Name

• Maximum  number of joins in OpenSQL (java framework)

  Hi,
  I have a question on the restriction of the number of joins a OpenSQL can support??
  I have searched in alot of places.. but the question remains unanswered....
  Open SQL statements will work in any SAP R/3 System, regardless of the database system in use.... but does OpenSQl itself have any restrictions / maximum number of joins that it supports.
  kindly need help on this ..
  Regards,
  Sana javeed
  Edited by: Sana Javeed on Dec 6, 2011 5:02 AM

  i found a link which refers to the maximum number of tables after the FROM clause of the OpenSQL Query ....
  where it mentions : To ensure program portability, specify no more than 15 tables in a query, including the tables in the from list and tables in subqueries. (Individual host database management systems may allow more than 15 tables.)
  [http://docs.actian.com/ingres/9.2/opensql-reference-guide/3802-osql-from-clause|http://docs.actian.com/ingres/9.2/opensql-reference-guide/3802-osql-from-clause]

• What is the Maximum Number of Concurrent Sessions allowed on a Shared Exchange Mailbox ?

  Hi,
  I have a query that how many concurrent sessions are allowed on a Resource Mailbox ?
  E.g. I have a scenario in which i run a Helpdesk, and it has an email address ([email protected]), where company employees can email thier IT Issues/requests.
  Now I have hired say 50 Service Desk agents, now is it possible that all 50 can access the IThelpdesk mailbox at one time ? Are there any limits on the number of the concurrent sessions of the mailbox ? What are the the permutations and combinations in this
  case ?
  ** The mailbox is on Exchange Server 2003**
  Regards,
  Tojo Thankachan
  +91 7875039665

  Hi,
  Exchange Server 2003 SP1 imposes a restriction on the number of permitted MAPI sessions per user. By default, the maximum number of permitted MAPI sessions per user is set to a hexadecimal value of 0x20 after you apply Exchange Server 2003 SP1.
  Generally, Event ID 9646 will be logged in the application event log of your Exchange Server 2003 computer when a client opens many MAPI sessions. Here is a KB descripted the details of it:
  http://support.microsoft.com/kb/842022
  For more information about MAPI session limit, please refer to:
  http://technet.microsoft.com/en-us/library/dd159906(v=exchg.80).aspx
  Thanks,
  Winnie Liang
  TechNet Community Support

• Maximum number of sessions in the portal

  Hi,
  Please, do you know the maximum number of sessions that a particular user can open in the portal 7 ?
  and it´s posible to limit the number of sessions of a user
  thanks in advance.

  carlos,
  you can set a maximum session limit for each web module. so, if you for example want to limit the number of sessions in your portal, you could do it for the Web Module "irj"
  Use NWA and navigate to Configuration / Application Module
  check: http://help.sap.com/saphelp_nw70/helpdata/EN/b9/665b42cfca5542e10000000a1550b0/frameset.htm
  kr, achim

• This user is allowed a maximum number of 5 concurrent shells, which has been exceeded.

  I have a C# component which executes Powershell scripts in powershell environment. Suddenly it started to show some issues, Now, when I try to execute the following, it shows exception
      Enter-PSSession -ComputerName 192.21.10.71 -Credential abc\admin
  The exception is given below...
      Enter-PSSession : Connecting to remote server failed with the following error message : 
      The WS-Management service cannot process the request. **This user is allowed a maximum 
      number of 5 concurrent shells, which has been exceeded.** Close existing shells or raise 
      the quota for this user. For more information, see the about_Remote_Troubleshooting 
      Help topic.
      At line:1 char:16
      + Enter-PSSession <<<<  -ComputerName 192.21.10.71 -Credential abc\admin
          + CategoryInfo          : InvalidArgument: (192.21.10.71:String) [Enter-PSSession], 
      PSRemotingTransportException
          + FullyQualifiedErrorId : CreateRemoteRunspaceFailed
  I fear, this is because I haven't properly closed / disposed the runspaces created in c# component.
  Here is the code extracted from my component
  Collection<PSObject> objPS = new Collection<PSObject>();
      PowerShell powershell = PowerShell.Create();
  PSCredential credential = new PSCredential(strUserName, password);
      objRunspace = RunspaceFactory.CreateRunspace();
  objRunspace.Open();
  objPS = powershell.Invoke();
  finally 
                  objRunspace.Dispose();
  I am beating the bush, instead of finding the root cause of this issue.
  Thanks...

  Hi,
  Even I am facing the same issue while trying to open session in my C# code. 
  I have created and using one System.Management.Automation.Runspaces.Runspace object. Which is created by calling Open() method.
  At the end while exiting the program I am calling Dispose() method.
  Initially when I wrote this client, I was able to run powershell commands without any issue. After some days of use I got this below exception.
  Result Message: Assembly Initialization method 
  InitializeLyncTestSuite threw exception. System.Management.Automation.Remoting.PSRemotingTransportException: System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server failed with the following error message : The WS-Management
  service cannot process the request. The maximum number of concurrent shells for this user has been exceeded. Close existing shells or raise the quota for this user. For more information, see the about_Remote_Troubleshooting Help topic.. Aborting test execution.
  Result StackTrace:
  at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
     at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
     at System.Management.Automation.Runspaces.Internal.RemoteRunspacePoolInternal.Open()
     at System.Management.Automation.Runspaces.RunspacePool.Open()
     at System.Management.Automation.RemoteRunspace.Open()
  After restarting all the Lync Server services I was able to avoid this exception. But after using this client couple of times now, I am facing the same issue again.
  Does calling Dispose() method is not enough for closing a session from C# code? Or should I use something else to close session from C# client?

• MULTIPLE LOGIN WITH SAME USER ID

  Hi,
  As per my understanding, multiple login to the portal with the same user id and password is allowed.
  Now,
  1. Is it possible to disbale this in the portal so that user can login to the portal only once?
  2. Is it possible to allow specified no of logins with the same user id?
  Any response is highly appreciated.
  regards,
  Chandra

  What you're trying to do just doesn't work that well with any web application, let alone NW.  There are various problems with trying to restrict the number of sign ons:
  If a user signs into the portal and then walks away, they are unable to sign in again from another workstation.  What if they want to give a demo to a user elsewhere in the company while they're still signed in at their desk?  This is really just a user-issue, but an annoying one that will almost certainly drive certain users nuts.
  What if the user's web browser crashes (an unfortunately common occurence).  They can't sign in again until their session times out.  Either that, or they call the portal admin to clear out their session (how?  I don't know).  The portal admin probably has better things to do than cleaning up orphan sessions.
  If a user can't sign in multiple times, they can always open a related browser session, thereby having multiple entry points into the portal.
  So, in short, you really can't enforce a 'sign in once' rule.  By association, you therefore can't restrict them to a maximum number of sign-ins either...
  Hope that helps you out.  Points are always good

• Limiting Number of connections from a single user

  Hi ,
  I am using 9.2.0.6 DB, i need to restrict the number of connections from a single user to 100.
  Currently the user is having DEFAULT profile, this profile is having several other users associated to it.
  What are all the available options to create restriction for a single user.
  Create a new profile and add the user to the New profile is the option i have.
  In that case can i create a copy of the Default profile and changing the SESSIONS_PER_USER to 100? will it work.
  Appreciate your suggestion.
  Thanks,
  Sathis
  Edited by: user7043544 on Feb 22, 2010 9:46 PM

  Hi,
  Since it is a default profile you can just create a new profile with the resource type you are interested it.
  And if you want to copy the existing profile extract its ddl through below command, change the profile name and required resource and run against the db.
  select dbms_metadata.get_ddl('PROFILE','<Profile_name>') from dual;Regards
  Anurag

• I am trying to setup iCloud account and when I login I see a popup. The Maximum number of free accounts have been activated on this iPhone. Pls, help me fix it. What other accounts? Thanks

  I am trying to setup iCloud account and when I login I see a popup. The Maximum number of free accounts have been activated on this iPhone. Pls, help me fix it. What other accounts? Thanks

  Then you'll have to use another iOS device or Mac running OS X Lion or higher to create a new account for you to use on your phone.  If you don't have one, perhaps a friend would allow you to create and account on their device (note: this will use one of their three maximum accounts).  To do this, they would need to go to Settings>iCloud, tap Delete Account (which will delete the account from their device but not from iCloud), then allow you to sign back in with your ID to create the new account.  Then tap Delete Account to delete the new account from their device, and finally, sign back in with their iCloud ID to restore their iCloud account to their device.  Then you can sign in with your ID on your phone in Settings>iCloud and use the new account.

• SSH login- how do I restrict access to a shared folder?

  I have created Shares in WGM for SMB and AFP access on my OS X 10.4.8 Server. However when I connect via SSH it's not restricting access to the folder based on the User Name I login with- I see the entire volume! How do I restrict access to a specific folder based on a user name setup in WGM? ACL's?

  Hey George,
  It sounds like you are trying to limit ssh/sftp users to a specific area, aka jails. The FTP server lets you 'chroot' users to a certain area making it appear as the root thus preventing them from navigating up the hierarchy, which is what I think you, and me and many others are trying to accomplish.
  The ssh compiled into OS X is missing this very needed feature. There have been a few documented workarounds, but they've either been too insecure or too clunky for me.
  I've dealt with the fact that my users can get to the root of the hard drive, and have just been very careful about my privileges (by using ACLs), thus preventing them from getting inside areas they shouldn't.
  There's a good write up here: http://www.schwie.com/brad/macosxsftpchroot/ and if you include the term 'chroot' in your searches, you should find a bit about it here too.
  And Roger, I think George meant the file sharing protocol used by ssh. man sftp.

• How to find out maximum number of login users?

  Hi all,
  Is there anyway to find out what is the maximum number of login users since a database is started? Maybe I should ask, what's the largest number of sessions has been opened in a busy time of a database since it is started?
  I know v$session is my target. But how can I find out hte HWM of opened sesions?
  Thanks.

  Thanks Serch-NET. That's what I'm doing today. I should be a little more specific. I'm looking for a script that lends itself to automation. A script that can determine all the databases on a given server, find their background dump dest., grep all alert logs and return the highest of the HWM's. This is all scripting I could do myself, but being a follower of the Lazy DBA, I was hoping someone else had done it. :-)
  Thanks again.