[PATCH] Expose remote forwarding ports as environment variable

Alex Bligh alex at alex.org.uk
Fri May 17 03:11:33 EST 2013


On 16 May 2013, at 07:16, Darren Tucker wrote:

>> the attached patch against openssh 6.2p1 exposes remote
>> forwarding ports to the remote shell:
> 
> That's not going to be entirely accurate because the environment is
> inherited at the time the shell is started, but port forwards can be
> added and deleted at any time (either via escape sequences or the
> control socket).
> 
> Taking the example from your web page, you can already do what you want
> via the control socket:

Any ideas on how you can do this server side? E.g., I have n people
with different public keys, Alice, Bob, Charlie, who each ssh in
with a forceCommand or similar to stop them doing anything except
a -R port forwarding, using the same UID.

At the server end, I want to connect to Alice's -R forwarding.
I can't rely on Alice telling me which -R port she's connecting
to, as she might tell me Bob's port. So I need to know which
session is associated with Alice using server side information only.

I have a nasty hack which (in essence) involves making forceCommand
run something server side which records the PID of sshd, looks
at the table of listening sockets, sees what processes own them,
and links up the two. This is pretty disgusting.

-- 
Alex Bligh
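
The PID-to-listening-socket lookup described in the message above, sketched as an added example (not code from the post or from OpenSSH). It assumes Linux /proc, that the forced command's parent process is that session's sshd, and that the caller can read that process's /proc/<pid>/fd; the function names and sample data are constructed for illustration.

```python
import os
import re

# Constructed /proc/net/tcp excerpt: sshd on :22, two -R listeners, one live session.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 0100007F:2710 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222
   2: 0100007F:2711 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33333
   3: 0100007F:0016 0100007F:C001 01 00000000:00000000 00:00000000 00000000  1000        0 44444
"""
# Constructed readlink() targets of /proc/<pid>/fd for two sessions' sshd processes.
ALICE_FDS = ["/dev/null", "socket:[44444]", "socket:[22222]", "pipe:[555]"]
BOB_FDS = ["/dev/null", "socket:[33333]"]

def listening_ports(proc_net_tcp):
    """Map socket inode -> local port for rows in LISTEN state (st == 0A)."""
    ports = {}
    for row in proc_net_tcp.splitlines()[1:]:  # first line is the column header
        f = row.split()
        if len(f) >= 10 and f[3] == "0A":
            ports[f[9]] = int(f[1].rsplit(":", 1)[1], 16)
    return ports

def forwarded_ports(proc_net_tcp, fd_targets):
    """Ports whose listening socket inode is among one process's open fds."""
    inodes = set(re.findall(r"socket:\[(\d+)\]", "\n".join(fd_targets)))
    ports = listening_ports(proc_net_tcp)
    return sorted(ports[i] for i in inodes if i in ports)

def live_forwarded_ports(pid):
    """Same lookup against the running system (Linux /proc only)."""
    fd_dir = f"/proc/{pid}/fd"
    targets = []
    for fd in os.listdir(fd_dir):
        try:
            targets.append(os.readlink(os.path.join(fd_dir, fd)))
        except OSError:  # fd closed between listdir() and readlink()
            continue
    found = set()
    for name in ("tcp", "tcp6"):
        try:
            with open(f"/proc/net/{name}") as fh:
                found.update(forwarded_ports(fh.read(), targets))
        except FileNotFoundError:
            pass
    return sorted(found)

if __name__ == "__main__":
    # Assumption: run from the forced command, whose parent is that session's sshd.
    print(os.getppid(), live_forwarded_ports(os.getppid()))
```

The result is a snapshot: as the quoted reply notes, forwards can be added and deleted at any time, so the lookup has to be repeated when the port is actually needed.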





