On Sun, 3 Jan 2016, Esben Nielsen wrote: > Hi, > > Question: > > Can a TCP server (running on the same host as the OpenSSH server) know > the user id/name of a user forwarding an TCP port ? No; there are a number of impediments to implementing it. The SSH protocol doesn't support sending this information. It could conceivably be added as an extension though. We'd need to be careful in designing this - many users would be surprised if ssh started "leaking" user identifiers across forwarding channels. If the lack of protocol support was solved, another problem would be how the information is relayed to the next application. I'm not aware of a kernel mechanism to allow an application to fake a user identity across a local socket. Next problem: if one existed, it would almost certainly require root privileges and sshd takes great care to get rid off root privileges wherever possible. They certainly aren't used for port forwarding. TLDR: doing this is hard (I haven't even gone into user/uid mapping problems) and not likely to happen soon, sorry. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
