Detect PID of sshd processes used by one public key; detect -R allocated port on the server
Stephen Harris
lists at spuddy.org
Sun Oct 9 00:55:00 EST 2011
On Sat, Oct 08, 2011 at 02:20:09PM +0100, Alex Bligh wrote:
>
>
> --On 8 October 2011 08:06:59 -0400 Stephen Harris <lists at spuddy.org> wrote:
>
> >>no-agent-forwarding,command="/bin/true",no-pty,no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7"
> >
> >>But there seems to be no way to get the PIDs of an ssh process associated
> >>with a particular public key, as opposed to a particular user.
> >
> >Instead of command="/bin/true" use command="/path/to/script". The script
> >can look at parent processes and work up the tree until it reaches the
> >sshd process.
> 1. when -N is used, command= / ForceCommand is not executed. It only forces
> running of a command when there is either an interactive session
> requested or a command on the command line.
I was assuming you would have to do some work on how your application process
determined what port to talk to; you could have that dependent on having
had the script run. So if the client uses -N then your application won't
talk to the forwarded port, which forces them to not do that :-)
> 2. (less of an issue), the user's shell can no longer be /bin/false; it has
> to be a real shell.
Make the shell be the script. Make the password for the account be '*'.
Now sshd will do "$SCRIPT -c $SCRIPT user1"; parse accordingly.
--
rgds
Stephen
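
As an added example (not code from the thread), a forced-command script for Linux that walks the /proc parent links up to the nearest sshd process and logs its PID with a per-key label. The label argument, the `key-session` syslog tag, the `PROC_ROOT` override and the function names are assumptions; the `-c` branch handles the invocation form quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Linux only: reads /proc/<pid>/status.
# PROC_ROOT can be overridden to run the walk against a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print one field ("Name" or "PPid") from <pid>'s status file.
proc_field() {
    awk -v f="$2:" '$1 == f { print $2; exit }' "$PROC_ROOT/$1/status" 2>/dev/null
}

# Walk up from <pid>; print the PID of the nearest ancestor named <name>.
# Fails when the walk passes PID 1 or hits a missing entry (capped at 64 hops).
find_ancestor() {
    pid=$1 want=$2 hops=0
    while [ "$pid" -gt 1 ] && [ "$hops" -lt 64 ]; do
        pid=$(proc_field "$pid" PPid) || return 1
        [ -n "$pid" ] || return 1
        if [ "$(proc_field "$pid" Name)" = "$want" ]; then
            echo "$pid"
            return 0
        fi
        hops=$((hops + 1))
    done
    return 1
}

# Per-key label (hypothetical argument set in authorized_keys, e.g.
# command="/path/to/script user1"). When the script is also the login shell,
# sshd passes it as: -c "/path/to/script user1".
key_label() {
    case $1 in
        -c) echo "${2##* }" ;;   # last word of the command string
        *)  echo "$1" ;;
    esac
}

# Build the log line for the session that process <pid> belongs to.
session_line() {
    start=$1; shift
    sshd_pid=$(find_ancestor "$start" sshd) || return 1
    echo "key=$(key_label "$@") sshd_pid=$sshd_pid"
}

# Only act when started by sshd, which sets SSH_CONNECTION for the session.
if [ -n "${SSH_CONNECTION:-}" ]; then
    session_line "$$" "$@" | logger -t key-session
fi
```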
More information about the openssh-unix-dev mailing list