log port forwarding
Vincent LEFEVERE
Vincent.LEFEVERE at hei.fr
Fri Feb 10 07:10:20 AEDT 2017
Hello,
Having received no reply to my previous mail about logging port forwarding in the ssh daemon, let me explain the reason for this need. The use case is a machine acting as a bastion to isolate two networks while still allowing connections between those two networks via ssh tunnels.
For security reasons, it is necessary to keep a log that records each tunnel together with the login used to create it.
It is of course necessary to set the user's shell to /bin/cat or an equivalent command so that the user cannot run another solution to create tunnels.
The patch that I previously suggested logs every outgoing or dynamic tunnel in syslog. But it does not log the incoming tunnels, which can be judged insufficient!
Using the variables displayed in the debug output, I discovered another problem: the address and port of the origin of the tunnels are always 0.0.0.0:0.
This does not make it easy to link the information from a firewall that logged an attack with the tunnel used by the attack (and the associated login).
So, I corrected this with a new patch attached. (I tested it with IPv4 and IPv6 tunnels on Linux.)
Could you tell me if you agree to integrate the feature (using or not the patch I gave you)?
Thank you
Best regards
Vincent Lefevere
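As an added illustration of the tunnel-only bastion account described in the message above (this is not the author's patch and not part of the OpenSSH project's documentation), the following sshd_config fragment restricts a group of bastion users to port forwarding only, using directives that OpenSSH already supports. The group name `tunnelonly`, the internal network `10.0.1.0/24` and the target ports are assumptions chosen for the example; adjust them to the real networks on either side of the bastion. The users' login shell is set to /bin/cat outside of sshd_config, as the message describes, so the session only holds the tunnels open and cannot run commands.

```text
# Added example: sshd_config Match block for tunnel-only bastion accounts.
# Assumes a Unix group "tunnelonly" whose members have /bin/cat as shell.
Match Group tunnelonly
    # Allow only client-to-bastion ("outgoing") forwards; remote/incoming
    # forwards (-R) are refused entirely. Use "yes" if both directions are
    # genuinely needed between the two networks.
    AllowTcpForwarding local

    # Restrict the destinations a local forward may reach: only the
    # internal network behind the bastion, and only these ports
    # (assumed values; list one host:port per entry, wildcards per sshd_config(5)).
    PermitOpen 10.0.1.10:22 10.0.1.20:443

    # No interactive terminal, no X11, no agent forwarding, no tun devices.
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no

    # Keep idle tunnel sessions from lingering forever after the client dies.
    ClientAliveInterval 60
    ClientAliveCountMax 3
```

Note that the restriction of destinations (PermitOpen) complements but does not replace the logging the message asks for: sshd enforces which tunnels may be created, while the log is what lets a forwarded connection seen on a firewall be traced back to the login that opened it.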
More information about the openssh-unix-dev mailing list