Get remote address when using direct-streamlocal at openssh.com.

Stef Bon stefbon at gmail.com
Wed Jun 21 20:08:31 AEST 2017


2017-06-02 8:15 GMT+02:00 Stef Bon <stefbon at gmail.com>:
>
> This will work, but is very constructed. Might there be another easier way?

Hi,

I'm thinking about using PAM for this purpose. My fileserver watches a file with
fanotify, getting the pid of the process which wants to open and write to a file,
for example /run/ssh-remote-access.

The sshd process uses a PAM module (pam_bfileserver for example in the
session phase of PAM) which writes information like:

%PID%:%PAM_RHOST%:%PAM_RUSER%

to this file. While it is busy doing so, other processes are blocked
from writing to it.

When this data is written, bfileserver reads these values, compares them
with the pid fanotify reported, and if they match, bfileserver "knows" the
remote address. bfileserver clears the file, and allows access to it by
other processes. The PAM module should proceed if the file is not found.

Stef
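
The reader side of the scheme described above, as an added example that is not part of the original post or of any bfileserver code: it parses one `%PID%:%PAM_RHOST%:%PAM_RUSER%` record and accepts it only when the pid equals the one fanotify reported. The names `remote_rec`, `parse_record` and `record_matches` are hypothetical, and it assumes the user name contains no colon while the host may be an IPv6 literal that does.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical record for one "%PID%:%PAM_RHOST%:%PAM_RUSER%" line. */
struct remote_rec {
    pid_t pid;
    char rhost[256];
    char ruser[64];
};

/* Parse one record; returns 0 on success, -1 on malformed input.
 * Assumption: PAM_RUSER has no ':', PAM_RHOST may (IPv6 literal), so the
 * host is everything between the first and the last colon. */
int parse_record(const char *line, struct remote_rec *out)
{
    size_t len = strcspn(line, "\r\n");          /* drop trailing newline */
    const char *stop = line + len;
    const char *first = memchr(line, ':', len);
    const char *last = first;
    char *end;

    if (first == NULL || line[0] < '0' || line[0] > '9')
        return -1;                               /* no sign or whitespace */
    for (const char *p = first + 1; p < stop; p++)
        if (*p == ':')
            last = p;
    if (last == first)
        return -1;                               /* fewer than three fields */

    errno = 0;
    long pid = strtol(line, &end, 10);
    if (errno != 0 || end != first || pid <= 0 || (long)(pid_t)pid != pid)
        return -1;

    size_t hlen = (size_t)(last - first - 1), ulen = (size_t)(stop - last - 1);
    if (hlen == 0 || hlen >= sizeof out->rhost || ulen >= sizeof out->ruser)
        return -1;
    out->pid = (pid_t)pid;
    memcpy(out->rhost, first + 1, hlen); out->rhost[hlen] = '\0';
    memcpy(out->ruser, last + 1, ulen);  out->ruser[ulen] = '\0';
    return 0;
}

/* Trust the record only if its pid is the writer pid fanotify reported. */
int record_matches(const char *line, pid_t fan_pid, struct remote_rec *out)
{
    return parse_record(line, out) == 0 && out->pid == fan_pid;
}
```

The pid to pass as `fan_pid` would come from the `pid` field of `struct fanotify_event_metadata`; a record that fails to parse or carries a different pid is discarded rather than used.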


More information about the openssh-unix-dev mailing list