Re: User id for the forwarder ports

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 03/01/16 01:03, Esben Nielsen wrote:
Hi,

Question:

Can a TCP server (running on the same host as the OpenSSH server) know
the user id/name of a user forwarding an TCP port ?
(...)

So my question is:
Is there any way to let the TCP application server know the user id of
the SSH forwarded TCP connection?
Yes.
For instance a naive implementation could run a root netstat -e -tp looking for the other side of its connection.

Even with an optimized search of the connection, I think you would need to end up with a root process
scanning all fds per check, though.


Additionally, I should note that you seem to be attempting the wrong solution ("tacklinh openssh in the middle") for your problem of authorizing users, making it needlessly complex. For instance, given that you seem to be developing the server side of the application, why don't you require socks authentication? (yes, socks protocol supports authentication, and even if the client implementation doesn't, it'd be easier to fix it than your solution)

Regards

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux