Forcing privileged ports with ssh -R
Robert Dahlem
Robert.Dahlem at siemens.com
Wed Nov 13 05:47:17 EST 2002
Hi,
I have a daemon process which is changing things in the system only the
superuser should be allowed to change. Let's call it "riskyd".
Users use a frontend on the same machine (let's call it "risky"). risky
is a SUID program which talks to riskyd by binding to a privileged port,
then connecting to riskyd on localhost. riskyd checks that the connection
is coming from localhost and from a privileged port to make sure the
partner is privileged.
Now - as an addition - I need connections from the network to riskyd
too. These connections must be tunneled through a secure connection.
The idea was to start something like
my_host: # ssh -R riskyd_port:localhost:riskyd_port -N other_host
This way the spawned sshd on other_host would listen() on riskyd's port,
incoming connections are tunneled to my_host (the host riskyd is running
on) and ssh makes a connection to the real riskyd on localhost
(my_host).
Some lousy ascii art:
    my_host                                      other_host

    riskyd
      ^
      |        secure tunnel through network
     ssh ===================================== spawned sshd
                                                    ^
                                                    |
                                                  risky
Now from the users' point of view it looks like riskyd is running on
other_host too: they can use risky, risky can connect to
localhost:riskyd_port. But in this case the real action is done on
my_host. riskyd still sees connections from localhost. So far, so good.
But: sshd on other_host will happily accept connections from non-
privileged ports, ssh will connect from a non-privileged port to
localhost. No way to check if the originating connection was from a
privileged port.
How could this be forced? I did not find any parameters ...
A stroll through the sources did not reveal something relevant (well, at
least not to me :-) so it seems not to be implemented yet.
Actually, remote forwarding is negotiated within some protocol between
ssh and sshd. No problem to change this slightly with a private patch.
If it only wouldn't incompatibly change the protocol.
So my idea is to implement it in a way that
client_request_forwarded_tcpip() in clientloop.c checks originator_port
for being in the privileged range and - if yes - uses a privileged port
to connect.
Any comments?
Regards,
Robert
--
Robert.Dahlem at siemens.com
Siemens Business Services - SBS D ORS FS BO DEZ KORDOBA-Outsourcing
Tel: +49-69-797-6530 Fax: +49-69-797-6599
----------------------------------------------------------------------
Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email
software; far better than Outlook. Try it sometime.
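
Added example, not part of the original message and not OpenSSH code: a C version of the check the post attributes to riskyd, run against a local client that connects without first binding a reserved port, which is how the post says ssh delivers a forwarded connection. The function names and the reading of "localhost" as 127.0.0.0/8 are assumptions.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* riskyd's test as the post describes it: peer on loopback (assumed to mean
   127.0.0.0/8), source port in the reserved range below IPPORT_RESERVED. */
int peer_is_privileged_local(const struct sockaddr_in *peer)
{
    unsigned long addr = ntohl(peer->sin_addr.s_addr);
    unsigned port = ntohs(peer->sin_port);
    return (addr >> 24) == 127 && port > 0 && port < IPPORT_RESERVED;
}

/* Connect to a loopback listener without bind()ing the client socket first,
   and return the verdict on the accepted peer: 1 accept, 0 reject, -1 error. */
int verdict_for_unbound_client(void)
{
    struct sockaddr_in sa, peer;
    socklen_t len = sizeof(sa);
    int verdict = -1, afd = -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks */
    if (lfd >= 0 && cfd >= 0 &&
        bind(lfd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        listen(lfd, 1) == 0 &&
        getsockname(lfd, (struct sockaddr *)&sa, &len) == 0 &&
        connect(cfd, (struct sockaddr *)&sa, sizeof(sa)) == 0) {
        len = sizeof(peer);
        afd = accept(lfd, (struct sockaddr *)&peer, &len);
        if (afd >= 0)
            verdict = peer_is_privileged_local(&peer);
    }
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return verdict;
}

int main(void)
{
    printf("unbound local client: verdict %d\n", verdict_for_unbound_client());
    return 0;
}
```

The kernel assigns an ephemeral source port to the unbound client, so the check rejects it even though the peer address is loopback.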