拒绝对特定的主机/ IP

Question

1. I have a bot machine (controlled via mobile device) which connects to the Server and fetch information from it by method os "ssh, shell script, os commands,sql queries etc" than it feed that information over the internet (private)
2. I want to disallow this multiple connection to the server via the bot machine ONLY.. there are other machine which connects to the server which must not be affected

假设

Client A from his mobile acess bot machine (via webpage) than the bot machine connect to server (1st session) now if the process of this connection is 5 minute during this period the bot machine will be creating, quering, deleting, appending, updating etc

in the very mean time of that 5 minute duration (suppose 2min after the 1st session started) Client B from his mobile access bot machine (via webpage) than the bot machine connect to server (2nd session) now it will conflict with the 1st session and create Havoc...

限制

1. Now first of all i do not want to editing any setting on the SERVER ANY WHAT SO EVER
2. I do not want to edit the webpage/mobile etc
3. I already know abt the lock file method of parallel shell script and it is implemented at script level but what abt the OS commands and stuff like that which are not in bash script

我的吼声

平行ssh连接到服务器

Answer 1

我假设你有ssh的帐户单一登录和，这在登录时运行的脚本

到脚本在登录

#!/bin/bash 
LOCK_FILE="/tmp/sshlock" 
trap "rm $LOCK_FILE; exit" SIGHUP SIGINT SIGTERM 

if [ $(((`date +%s` - `stat -L --format %Y $LOCK_FILE`) < (30*60))) ]; then 
    exit 0 
fi 
touch $LOCK_FILE 

当过程的ssh登录添加这样的事情通话结束时，删除$ LOCK_FILE

的trap声明是锁定的这样一个重要组成部分，请不要使用它

“30 * 60“是一个30分钟的超时时间，这要归功于这个问题的答案How can I tell if a file is older than 30 minutes from /bin/sh?

Answer 2

也许尝试使用limits.conf来为用户/组强制实施1次登录的硬限制。

您可能需要定期执行cron作业来检查并删除任何过时的登录。

锁定/互斥锁很难正确并且增加复杂性。 limits.conf中最UNIX/Linux系统的标准功能，应该是更可靠的，强调应该......

类似的问题在这里提出：这里 https://unix.stackexchange.com/questions/127077/number-of-ssh-connections-on-a-single-linux-machine

详情： http://linux.die.net/man/5/limits.conf