User id for the forwarder ports
Esben Nielsen
nielsen.esben at gmail.com
Mon Jan 4 17:15:26 AEDT 2016
Den søndag den 3. januar 2016 skrev Darren Tucker <dtucker at zip.com.au>:
> On Sun, Jan 3, 2016 at 11:03 AM, Esben Nielsen <nielsen.esben at gmail.com
> <javascript:;>> wrote:
> > Can a TCP server (running on the same host as the OpenSSH server) know
> > the user id/name of a user forwarding an TCP port ?
> >
> > I.e. if someone on some client machine does
> > ssh -L9999:localhost:9999 someuser at somehost
> > nc localhost 9999
> > and a service accepts the connection on port localhost:9999 on
> > somehost, can it somehow safely read out the user name "someuser"?
>
> If sshd is running with PrivilegeSeparation (which it does by default)
> then the sshd for that connection will be running as "someuser". On
> Linux, your application can figure out what that user is by calling
> getsockopt with SO_PEERCRED on the socket (there's example code in
>
> https://anongit.mindrot.org/openssh.git/tree/openbsd-compat/bsd-getpeereid.c
> )
>
> --
>
Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>
--
Sendt fra Gmail Mobil
More information about the openssh-unix-dev
mailing list