拒絕對特定的主機/ IP

Question

1. I have a bot machine (controlled via mobile device) which connects to the Server and fetch information from it by method os "ssh, shell script, os commands,sql queries etc" than it feed that information over the internet (private)
2. I want to disallow this multiple connection to the server via the bot machine ONLY.. there are other machine which connects to the server which must not be affected

假設

Client A from his mobile acess bot machine (via webpage) than the bot machine connect to server (1st session) now if the process of this connection is 5 minute during this period the bot machine will be creating, quering, deleting, appending, updating etc

in the very mean time of that 5 minute duration (suppose 2min after the 1st session started) Client B from his mobile access bot machine (via webpage) than the bot machine connect to server (2nd session) now it will conflict with the 1st session and create Havoc...

限制

1. Now first of all i do not want to editing any setting on the SERVER ANY WHAT SO EVER
2. I do not want to edit the webpage/mobile etc
3. I already know abt the lock file method of parallel shell script and it is implemented at script level but what abt the OS commands and stuff like that which are not in bash script

我的吼聲

平行ssh連接到服務器

Answer 1

我假設你有ssh的帳戶單一登錄和，這在登錄時運行的腳本

到腳本在登錄

#!/bin/bash 
LOCK_FILE="/tmp/sshlock" 
trap "rm $LOCK_FILE; exit" SIGHUP SIGINT SIGTERM 

if [ $(((`date +%s` - `stat -L --format %Y $LOCK_FILE`) < (30*60))) ]; then 
    exit 0 
fi 
touch $LOCK_FILE 

當過程的ssh登錄添加這樣的事情通話結束時，刪除$ LOCK_FILE

的trap聲明是鎖定的這樣一個重要組成部分，請不要使用它

「30 * 60「是一個30分鐘的超時時間，這要歸功於這個問題的答案How can I tell if a file is older than 30 minutes from /bin/sh?

Answer 2

也許嘗試使用limits.conf來爲用戶/組強制實施1次登錄的硬限制。

您可能需要定期執行cron作業來檢查並刪除任何過時的登錄。

鎖定/互斥鎖很難正確並且增加複雜性。 limits.conf中最UNIX/Linux系統的標準功能，應該是更可靠的，強調應該......

類似的問題在這裏提出：這裏 https://unix.stackexchange.com/questions/127077/number-of-ssh-connections-on-a-single-linux-machine

詳情： http://linux.die.net/man/5/limits.conf