Determining the port assigned by -R 0

Alex Bligh alex at alex.org.uk
Mon Oct 24 06:41:15 EST 2011



--On 23 October 2011 10:05:38 -0400 Glenn Maynard <glenn at zewt.org> wrote:

> I suppose that works, but it'd be better to do this server-side.  That
> way, the script run on the server doesn't have to trust the client to
> pass along correct information.  For example, if a client tries
> forwarding thousands of ports, the script could reliably detect that and
> close the connection. (This is a remote diagnostics script; the remote
> client is untrusted.)

I've just worked around this. I used a ForceCommand that runs a script
that walks up the process tree, and does the equivalent of lsof, puts the
the key used (parameter to the ForceCommand) and the port in a local db,
and waits. It's no use if you have 2 x -R, but if you know only one is
valid, then you can find it reliably and (I believe) securely.

> By the way, it'd be helpful to be able to specify eg. "PermitOpen none"; I
> ended up arriving at the same hack that this guy used:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543683.  It's minor, but
> it'd be nice to be able to do this correctly.

+1 - I independently came up with a very similar hack.

-- 
Alex Bligh


More information about the openssh-unix-dev mailing list