[Bug 3704] Implement an interface to capture port number of random remote port forwarding -R 0:localhost:22
bugzilla-daemon at mindrot.org
Sun Jul 7 06:36:06 AEST 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3704
Nikola <root at nixsum.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |root at nixsum.net
--- Comment #1 from Nikola <root at nixsum.net> ---
As a third observer, I'd like to suggest you try something else.
You can use a Unix socket instead, as it will be easier to track.
The below example assumes your "controller" uses pam_systemd for user
sessions.
I also assume you are using a separate user and SSH key for each IoT
client.
On the IoT client:
$ remote_uid=$(ssh iot_user_1@controller 'id -u')   # uid of iot_user_1 on the controller
$ ssh iot_user_1@controller -R "/run/user/$remote_uid/sshd.sock:localhost:22"
On the controller, to connect to the IoT device you can use:
# ssh -o "ProxyCommand socat - UNIX-CLIENT:/run/user/$(id -u iot_user_1)/sshd.sock" iot_user_1@iot_device_1
This way you can always correlate a user to their forwarded socket, and
they can only create a Unix socket with their limited permissions.
--
You are receiving this mail because:
You are watching the assignee of the bug.
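An added example (editor's code, not from the bug report, the commenter or OpenSSH) showing the controller-side half of the scheme in comment #1: resolve the IoT user's uid to /run/user/<uid>/sshd.sock, verify that the file is a Unix socket owned by that uid before handing the path to the socat ProxyCommand, and connect to it the way socat would. Assumptions: the runtime directory layout is the one pam_systemd/logind creates, the socket name sshd.sock and device name iot_device_1 are taken from the comment, and the AF_UNIX listener and its "SSH-2.0-constructed-demo" banner are constructed stand-ins for the forwarded sshd so the code runs without ssh or socat. Two caveats worth knowing with this setup: Unix-domain socket forwarding needs OpenSSH 6.7 or later on both ends, and the controller's sshd_config needs StreamLocalBindUnlink yes, otherwise the socket file left behind when a device disconnects makes its next -R bind fail (see sshd_config(5)); the stale-file case is the one read_banner reports as None below.

```python
import os
import pwd
import socket
import stat
import tempfile
import threading

RUNTIME_DIR = "/run/user"   # per-user runtime dir created by pam_systemd/logind (assumed)
SOCK_NAME = "sshd.sock"     # socket name the device passes to "ssh -R" (assumed, as in the comment)


def socket_path_for(user, runtime_dir=RUNTIME_DIR):
    """Path the device's 'ssh -R' binds for this controller user, plus that user's uid."""
    uid = int(user) if user.isdigit() else pwd.getpwnam(user).pw_uid  # numeric uid accepted for the demo
    return os.path.join(runtime_dir, str(uid), SOCK_NAME), uid


def check_forwarded_socket(path, uid):
    """None if path is a Unix socket owned by uid, else why it was rejected."""
    # sshd creates the forward listener after switching to the logged-in user, so the
    # socket file is owned by that user, and /run/user/<uid> is 0700: that is the
    # user-to-socket correlation the comment relies on.
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return "missing: device not connected, or its -R forward was refused"
    if not stat.S_ISSOCK(st.st_mode):
        return "not a socket"
    if st.st_uid != uid:
        return f"owned by uid {st.st_uid}, expected {uid}"
    return None


def ssh_argv(user, device, runtime_dir=RUNTIME_DIR):
    """argv for the comment's controller-side ssh command, after validating the socket."""
    path, uid = socket_path_for(user, runtime_dir)
    reason = check_forwarded_socket(path, uid)
    if reason is not None:
        raise RuntimeError(f"{path}: {reason}")
    return ["ssh", "-o", f"ProxyCommand socat - UNIX-CLIENT:{path}", f"{user}@{device}"]


def read_banner(path, timeout=5.0):
    """Connect as the ProxyCommand would and return the peer's first bytes."""
    # None means the socket file exists but nothing listens on it: the stale file of an
    # earlier session, which sshd cannot rebind over without StreamLocalBindUnlink yes.
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
        cli.settimeout(timeout)
        try:
            cli.connect(path)
        except ConnectionRefusedError:
            return None
        return cli.recv(256)


def serve_banner(path, banner=b"SSH-2.0-constructed-demo\r\n"):
    """Constructed stand-in for the forwarded sshd: bind path, answer one client with a banner."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)

    def serve_one():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)

    t = threading.Thread(target=serve_one, daemon=True)
    t.start()
    return srv, t


def demo(runtime_dir=None):
    """Exercise the checks against a throwaway /run/user-like tree for the current user."""
    runtime_dir = runtime_dir or tempfile.mkdtemp(prefix="runuser-")
    uid = os.getuid()
    try:
        me = pwd.getpwuid(uid).pw_name
    except KeyError:                                       # uid without a passwd entry
        me = str(uid)
    path, _ = socket_path_for(me, runtime_dir)
    os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
    r = {"user": me, "path": path}
    r["before"] = check_forwarded_socket(path, uid)        # nothing bound yet
    srv, t = serve_banner(path)                            # device "connects" with -R
    r["argv"] = ssh_argv(me, "iot_device_1", runtime_dir)  # check passes now
    r["banner"] = read_banner(path)                        # what socat would relay to ssh
    t.join(5)
    srv.close()                                            # device drops; socket file stays behind
    r["stale"] = read_banner(path)                         # None: stale socket, nobody listening
    plain = os.path.join(runtime_dir, "plain")
    open(plain, "w").close()
    r["plain"] = check_forwarded_socket(plain, uid)        # a regular file is rejected
    return r


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

Run it as any user and it prints the rejection reason before the socket exists, the ssh argv it would execute, the banner read through the socket, None once the listener is gone, and "not a socket" for a plain file at the expected path. In production only the stat check and argv construction are needed; the listener is there so the failure modes can be seen without a real device.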