On 03/01/16 01:03, Esben Nielsen wrote:
> Hi,
> Question:
> Can a TCP server (running on the same host as the OpenSSH server) know
> the user id/name of a user forwarding a TCP port?
(...)
> So my question is:
> Is there any way to let the TCP application server know the user id of
> the SSH forwarded TCP connection?

Yes.
For instance a naive implementation could run a root netstat -e -tp
looking for the other side of its connection.
Even with an optimized search of the connection, I think you would need
to end up with a root process scanning all fds per check, though.
Additionally, I should note that you seem to be attempting the wrong
solution ("tackling openssh in the middle") for your problem of
authorizing users, making it needlessly complex.
For instance, given that you seem to be developing the server side of
the application, why don't you require socks authentication? (yes, socks
protocol supports authentication, and even if the client implementation
doesn't, it'd be easier to fix it than your solution)
Regards
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
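
The peer lookup described in the reply above, sketched against the Linux `/proc/net/tcp` table that netstat reads. This is an added example, not code from the original message or from OpenSSH. The function names and the sample table are constructed, and it assumes IPv4, a little-endian host, and that the forwarding sshd process opens its socket under the forwarded user's uid.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (little-endian host); not from a real system.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000   998        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000   998        0 20002 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 20003 1 0000000000000000 20 4 30 10 -1
   3: 0100007F:C351 0100007F:1F90 06 00000000:00000000 03:00000A5B 00000000     0        0 0 3 0000000000000000
"""

TCP_ESTABLISHED = "01"


def encode_endpoint(ip, port):
    """Render (ip, port) the way /proc/net/tcp prints it on a little-endian host."""
    addr = struct.unpack("<I", socket.inet_aton(ip))[0]
    return "%08X:%04X" % (addr, port)


def peer_socket_uid(table, peer, local):
    """Return the uid owning the far end of a loopback connection, or None.

    peer  -- (ip, port) that accept() reported for the client side
    local -- (ip, port) of the server's own end of that connection
    """
    want_local, want_remote = encode_endpoint(*peer), encode_endpoint(*local)
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue
        if fields[1] != want_local or fields[2] != want_remote:
            continue
        # Closing states such as TIME_WAIT are listed with uid 0, so only
        # an ESTABLISHED row is trusted; anything else is "unknown".
        if fields[3] != TCP_ESTABLISHED:
            return None
        return int(fields[7])
    return None
```

On a live host the `table` argument would be the contents of `/proc/net/tcp`, with `peer` and `local` taken from the accepted socket's `getpeername()` and `getsockname()`.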