I have a small issue with student logging in to several workstations, and sharing accounts. To prevent this behaviour (since it breaks there user settings and I want to know who is logged in and where, not letting them share accounts) I have tried to find a way to log out user on the former workstation when they log in to a new. Today I run a mixed setup with tjener on Squeeze and two ltsp-servers one on squeeze (going down very soon) and another on Wheezy.
My short question is, has anyone come up with a better solution for this? Or can you think of a better idea to solve this problem?
My original idea was to write a script similar to down to be run when user log in;
_________
#!/bin/bash
# Author: george.bredberg@folkbildning.net
# Purpose: Log out user from ws if they log in to a second
# For this script to work, root has to be enabled in chroot(?), and somehow any client has to be able to run the ssh command
# Author: george.bredberg@folkbildning.net
# Purpose: Log out user from ws if they log in to a second
# For this script to work, root has to be enabled in chroot(?), and somehow any client has to be able to run the ssh command
# on any other ws as root or as them selves (since its them being logged in..)
# Extract all users entries from rwho and show the ws part
host=`hostname | sed 's/\..*//'`
for logins in `rwho | grep $USER | awk '{print $2}' | sed 's/:.*//'`; do
# echo $logins # debug entry
if [ $host != $logins ]; then
echo "Användaren är redan inloggad"
ssh -o StrictHostKeyChecking=no root@$logins 'pkill -KILL -u $USER'
fi
done
___________
# Extract all users entries from rwho and show the ws part
host=`hostname | sed 's/\..*//'`
for logins in `rwho | grep $USER | awk '{print $2}' | sed 's/:.*//'`; do
# echo $logins # debug entry
if [ $host != $logins ]; then
echo "Användaren är redan inloggad"
ssh -o StrictHostKeyChecking=no root@$logins 'pkill -KILL -u $USER'
fi
done
___________
Problem is, for it to work, I dont see any other way then to let every ws have the ability to log in to every other ws as root using keys ![*:-SS biter på naglarna]()
Not really an option.
So I came up with this instead, to be run via cron on a regular (and short) interval; (Down actually works, but problem is, it will take some time before the old log in get purged.. depending on how often it will be run. And I guess it will use up unessecary cpu resources.)
___________
#!/bin/bash
# Author: george.bredberg@folkbildning.net
# Purpose: Log out user from ws if they log in to a second ws
# For this script to work, root has to be enabled in chroot, and public key from tjener has to be in root@chroot so root@tjener can log into any ws passwordless.
# Let tjener loop through rwho at intervals and kill old logins
# So, we want to look for one user at a time, and see if that user has entries for more then one host
# If User have entries for several hosts, kill the first one(s) (since rwho shows them sorted by time)
# This will only kill the oldest log in, but if we run it in intervall, say every 2 minutes, that will not matter.
IFS=$'\n' # make newlines the only separator
change=user # Any value, to start with, so we can see when $change changes, without bash throwing us errors
for entries in `rwho`; do
login=`echo $entries | awk '{print $1}'`
client=`echo $entries | awk '{print $2}' | sed 's/:.*//'`
# echo; echo $login # debug entry
if [ $change == $login ]; then
# echo $client # debug entry
if ([ $firstlogin != $client ] && [ $login != "root" ]); then
echo "Loggar ut $login från $firstlogin"
# Since not all keys for all ws are in tjeners known_hosts entries, I use StrictHostKeyChecking=no
# Its tjener logging in to a ws, so it should be safe (I hope).
# I use batchmode so login will be aborted if keys does not work. To be extra safe, I also use a timeout.
ssh -o StrictHostKeyChecking=no -o BatchMode=yes -o ConnectTimeout=5 root@$firstlogin "pkill -KILL -u $login"
fi
fi
firstlogin=$client
change=$login
done
____________
# Author: george.bredberg@folkbildning.net
# Purpose: Log out user from ws if they log in to a second ws
# For this script to work, root has to be enabled in chroot, and public key from tjener has to be in root@chroot so root@tjener can log into any ws passwordless.
# Let tjener loop through rwho at intervals and kill old logins
# So, we want to look for one user at a time, and see if that user has entries for more then one host
# If User have entries for several hosts, kill the first one(s) (since rwho shows them sorted by time)
# This will only kill the oldest log in, but if we run it in intervall, say every 2 minutes, that will not matter.
IFS=$'\n' # make newlines the only separator
change=user # Any value, to start with, so we can see when $change changes, without bash throwing us errors
for entries in `rwho`; do
login=`echo $entries | awk '{print $1}'`
client=`echo $entries | awk '{print $2}' | sed 's/:.*//'`
# echo; echo $login # debug entry
if [ $change == $login ]; then
# echo $client # debug entry
if ([ $firstlogin != $client ] && [ $login != "root" ]); then
echo "Loggar ut $login från $firstlogin"
# Since not all keys for all ws are in tjeners known_hosts entries, I use StrictHostKeyChecking=no
# Its tjener logging in to a ws, so it should be safe (I hope).
# I use batchmode so login will be aborted if keys does not work. To be extra safe, I also use a timeout.
ssh -o StrictHostKeyChecking=no -o BatchMode=yes -o ConnectTimeout=5 root@$firstlogin "pkill -KILL -u $login"
fi
fi
firstlogin=$client
change=$login
done
____________
Regards /George