User id for the forwarder ports
Ángel González
keisial at gmail.com
Wed Jan 20 11:34:50 AEDT 2016
On 03/01/16 01:03, Esben Nielsen wrote:
> Hi,
>
> Question:
>
> Can a TCP server (running on the same host as the OpenSSH server) know
> the user id/name of a user forwarding a TCP port?
> (...)
>
> So my question is:
> Is there any way to let the TCP application server know the user id of
> the SSH forwarded TCP connection?
Yes.
For instance a naive implementation could run a root netstat -e -tp
looking for the other side of its connection.
Even with an optimized search of the connection, I think you would need
to end up with a root process scanning all fds per check, though.
Additionally, I should note that you seem to be attempting the wrong
solution ("tackling openssh in the middle") for your problem of
authorizing users, making it needlessly complex.
For instance, given that you seem to be developing the server side of
the application, why don't you require socks authentication? (yes, socks
protocol supports authentication, and even if the client implementation
doesn't, it'd be easier to fix it than your solution)
Regards
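
The lookup described in the message above ("looking for the other side of its connection"), as an added example that is not part of the original post: it reads the uid column that netstat -e displays from a /proc/net/tcp-format table. The function names, the sample table and the assumption that sshd opens the forwarded connection under the logged-in user's uid are this example's own, and it covers IPv4 on a little-endian Linux host only.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# Row 0: the application server listening on 127.0.0.1:8080 (uid 998).
# Row 1: the client end of a forwarded connection, 127.0.0.1:40000 (uid 1001).
# Row 2: the server's accepted socket for that same connection (uid 998).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000   998        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:9C40 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1001        0 20002 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:1F90 0100007F:9C40 01 00000000:00000000 00:00000000 00000000   998        0 20003 1 0000000000000000 20 4 30 10 -1
"""

TCP_ESTABLISHED = "01"  # state code used in the "st" column


def _endpoint(field):
    """Decode 'HEXADDR:HEXPORT' into (dotted_ip, port)."""
    addr_hex, port_hex = field.split(":")
    # The address is printed as a host-order integer; "<I" assumes little-endian.
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def peer_uid(table_text, peer, local):
    """Return the uid owning the socket at the far end of our connection.

    peer and local are (ip, port) tuples as seen by the server, so the row
    we want has them swapped: its local address is our peer. Returns None
    when no established socket matches (e.g. the peer is on another host).
    """
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_ESTABLISHED:
            continue
        if _endpoint(fields[1]) == peer and _endpoint(fields[2]) == local:
            return int(fields[7])  # uid column
    return None


def peer_uid_for(conn):
    """Same lookup for a live accepted IPv4 socket on the local Linux host."""
    with open("/proc/net/tcp") as fh:
        return peer_uid(fh.read(), conn.getpeername(), conn.getsockname())
```

The result is only meaningful while the connection is still open and both ends are on the same host; a None result should be treated as "unknown user" and refused rather than mapped to a default identity.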