Re: User id for the forwarder ports

On Sunday, 3 January 2016, Darren Tucker <dtucker@xxxxxxxxxx> wrote:

> On Sun, Jan 3, 2016 at 11:03 AM, Esben Nielsen <nielsen.esben@xxxxxxxxx> wrote:
> > Can a TCP server (running on the same host as the OpenSSH server) know
> > the user id/name of a user forwarding a TCP port?
> >
> > I.e. if someone on some client machine does
> >   ssh -L9999:localhost:9999 someuser@somehost
> >   nc localhost 9999
> > and a service accepts the connection on port localhost:9999 on
> > somehost, can it somehow safely read out the user name "someuser"?
>
> If sshd is running with PrivilegeSeparation (which it does by default)
> then the sshd for that connection will be running as "someuser".  On
> Linux, your application can figure out what that user is by calling
> getsockopt with SO_PEERCRED on the socket (there's example code in
> https://anongit.mindrot.org/openssh.git/tree/openbsd-compat/bsd-getpeereid.c)
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>


-- 
Sent from Gmail Mobile
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
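
Added example, not part of the thread and not OpenSSH code: a Linux service-side check built on the getsockopt/SO_PEERCRED call mentioned above. The helper name `peer_uid` is hypothetical, and the sketch assumes the service listens on a Unix domain socket, because unix(7) documents SO_PEERCRED for AF_UNIX sockets; other socket families and sockets with no recorded peer are rejected instead of being trusted.

```c
#define _GNU_SOURCE             /* exposes struct ucred in <sys/socket.h> */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: 0 and *uid on success, -1 with errno set otherwise. */
int peer_uid(int fd, uid_t *uid)
{
    int domain = 0;
    socklen_t len = sizeof(domain);
    struct ucred cred;
    /* unix(7) defines SO_PEERCRED for AF_UNIX only, so refuse anything else. */
    if (getsockopt(fd, SOL_SOCKET, SO_DOMAIN, &domain, &len) == -1)
        return -1;
    if (domain != AF_UNIX) {
        errno = EAFNOSUPPORT;
        return -1;
    }
    len = sizeof(cred);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) == -1)
        return -1;
    if (len != sizeof(cred) || cred.uid == (uid_t)-1) {
        errno = ENOTCONN;       /* no peer credentials recorded */
        return -1;
    }
    *uid = cred.uid;
    return 0;
}

/* Constructed demo: a socketpair stands in for an accepted connection. */
int main(void)
{
    int sv[2];
    uid_t uid;
    struct passwd pw, *res = NULL;
    char scratch[4096];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1 || peer_uid(sv[0], &uid) == -1) {
        perror("peer_uid");
        return 1;
    }
    /* Map the kernel-reported uid to an account name, if one exists. */
    if (getpwuid_r(uid, &pw, scratch, sizeof(scratch), &res) == 0 && res != NULL)
        printf("peer uid %lu (%s)\n", (unsigned long)uid, pw.pw_name);
    else
        printf("peer uid %lu\n", (unsigned long)uid);
    return 0;
}
```

The uid comes from the kernel, not from data the peer sends, which is what makes it usable for an authorization decision.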