Identify multiple users doing reverse port FWD with their pubkeys

Jochen Bern Jochen.Bern at binect.de
Wed Feb 12 10:03:19 AEDT 2020


On 02/11/2020 07:07 PM, Clément Péron wrote:
> - I have X devices (around 30) and one SSH server
> - Each of them has a unique public key and creates one dynamic reverse
> port forwarding on the server
> - All of them connect with the same UNIX user (I don't want to create
> a new user each time I add a new device)
> 
> When I connect to the server, I would like to know which pubkey has
> opened which reverse port.

The auth happens when the device opens the SSH connection, and if your
logging verbosity is high enough, the pubkey's fingerprint will be
written to the log. If you really need to identify *the pubkey*, you'll
have to grab the PID of the sshd process holding the reverse port (can
be gleaned from the output of "{netstat,ss} -natp") and then search
through the logs for the lines of when it got started.

Whereas the *IP* of the device in question can be read on demand from
the same netstat/ss output, just look for the incoming SSH connection
held by the same PID ...

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
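
The correlation described in the reply above, as an added example that is not part of the original message: it maps each forwarded port to the key fingerprint sshd logged for that session. Assumptions: `ss -natp` output in its usual column layout, an ESTAB line that lists every sshd process holding the session socket (used to bridge the listener's PID to the PID that logged the authentication), and the standard "Accepted publickey" log line; the function name and all sample data are constructed.

```python
import re

# Constructed sample of `ss -natp` output (addresses, ports and PIDs are made up).
SS_SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*          users:(("sshd",pid=810,fd=3))
LISTEN 0      128    127.0.0.1:20001    0.0.0.0:*          users:(("sshd",pid=4312,fd=9))
LISTEN 0      128    127.0.0.1:20002    0.0.0.0:*          users:(("sshd",pid=4377,fd=9))
ESTAB  0      0      192.0.2.10:22      203.0.113.5:51234  users:(("sshd",pid=4312,fd=4),("sshd",pid=4300,fd=4))
ESTAB  0      0      192.0.2.10:22      203.0.113.9:40022  users:(("sshd",pid=4377,fd=4),("sshd",pid=4370,fd=4))
"""
# Constructed sshd log lines (fingerprints are placeholders, not real keys).
LOG_SAMPLE = """\
Feb 11 09:00:01 gw sshd[4300]: Accepted publickey for tunnel from 203.0.113.5 port 51234 ssh2: ED25519 SHA256:AAAAconstructedFingerprintDevice01
Feb 11 09:02:17 gw sshd[4370]: Accepted publickey for tunnel from 203.0.113.9 port 40022 ssh2: RSA SHA256:BBBBconstructedFingerprintDevice02
"""

PID_RE = re.compile(r"pid=(\d+)")
ACCEPT_RE = re.compile(
    r"sshd\[(\d+)\]: Accepted publickey for \S+ from \S+ port \d+ ssh2: (\S+) (\S+)")

def map_ports_to_keys(ss_text, log_text):
    """Hypothetical helper: {listening port: key type, fingerprint, peer address}."""
    listeners, sessions = {}, {}
    for line in ss_text.splitlines():
        f = line.split()
        if len(f) < 6 or "sshd" not in f[-1]:
            continue                      # header row or a non-sshd socket
        pids = set(PID_RE.findall(f[-1]))
        if f[0] == "LISTEN":
            listeners[int(f[3].rsplit(":", 1)[1])] = pids
        elif f[0] == "ESTAB":
            for pid in pids:              # every PID on the line shares this session
                sessions[pid] = (pids, f[4])
    # PID -> (key type, fingerprint); a later log line wins if a PID was reused.
    accepted = {m.group(1): (m.group(2), m.group(3))
                for m in ACCEPT_RE.finditer(log_text)}
    result = {}
    for port, pids in listeners.items():
        for pid in pids:
            related, peer = sessions.get(pid, ({pid}, None))
            hit = next((accepted[p] for p in sorted(related) if p in accepted), None)
            if hit:                       # the main daemon's own listener has no match
                result[port] = {"key_type": hit[0], "fingerprint": hit[1], "peer": peer}
    return result

if __name__ == "__main__":
    for port, info in sorted(map_ports_to_keys(SS_SAMPLE, LOG_SAMPLE).items()):
        print(port, info["key_type"], info["fingerprint"], info["peer"])
```

On a live server, feed it the text of `ss -natp` (run as root so the process column is populated) and the sshd log; the fingerprint can then be compared against `ssh-keygen -lf` output for the entries in authorized_keys.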
