Re: User id for the forwarder ports

On Sun, Jan 3, 2016 at 11:03 AM, Esben Nielsen <nielsen.esben@xxxxxxxxx> wrote:
> Can a TCP server (running on the same host as the OpenSSH server) know
> the user id/name of a user forwarding a TCP port?
>
> I.e. if someone on some client machine does
>   ssh -L9999:localhost:9999 someuser@somehost
>   nc localhost 9999
> and a service accepts the connection on port localhost:9999 on
> somehost, can it somehow safely read out the user name "someuser"?

If sshd is running with PrivilegeSeparation (which it does by default)
then the sshd for that connection will be running as "someuser".  On
Linux, your application can figure out what that user is by calling
getsockopt with SO_PEERCRED on the socket (there's example code in
https://anongit.mindrot.org/openssh.git/tree/openbsd-compat/bsd-getpeereid.c)

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


