Detect PID of sshd processes used by one public key; detect -R allocated port on the server

Stephen Harris lists at
Sun Oct 9 00:55:00 EST 2011

On Sat, Oct 08, 2011 at 02:20:09PM +0100, Alex Bligh wrote:
> --On 8 October 2011 08:06:59 -0400 Stephen Harris <lists at> wrote:
> >>no-agent-forwarding,command="/bin/true",no-pty,no-user-rc,no-X11-forward
> >>ing,permitopen=""
> >
> >>But there seems to be no way to get the PIDs of an ssh process associated
> >>with a particular public key, as opposed to a particular user.
> >
> >Instead of command="/bin/true" use command="/path/to/script".  The script
> >can look at parent processes and work up the tree until it reaches the
> >sshd process.

> 1. when -N is used, command= / ForceCommand is not executed. It only forces
>   running of a command when there is either an interactive session
>   requested or a command on the command line.

I was assuming you would have do some work on how your application process
determined what port to talk to; you could have that dependent on having
had the script run.  So if the client uses -N then your application won't
talk to the forwarded port, which forces them to not do that :-)

> 2. (less of an issue), the user's shell can no longer be /bin/false; it has
>   to be a real shell.

Make the shell be the script.  Make the password for the account be '*'.
Now sshd will do "$SCRIPT -c $SCRIPT user1"; parse accordingly.



More information about the openssh-unix-dev mailing list