Restrict user resource on login node
I have been seeing this issue from day 1.
I came across this ContainerSSH: Launch containers on demand, and I think this might be a solution for the login node abuse issue we have had for so long.
ContainerSSH launches a new container for each SSH connection in Kubernetes, Podman or Docker. The user is transparently dropped in the container and the container is removed when the user disconnects. Authentication and container configuration are dynamic using webhooks, no system users required.