RE: log port forwarding

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hello,

Not receiving a reply to the previous mail about logging port forwarding in the ssh daemon, let me explain the reason for this need. It is a question of using a machine as a bastion to isolate two networks and at the same time allow connections between these two networks via ssh tunnels.
For security reasons, it is necessary to keep track of each tunnel associated with the login used in a log.
It is of course necessary to set the user's shell to / bin / cat or an equivalent command so that the user can not run another solution to create tunnels.

The patch that I have previously suggested logs in syslog every outgoing or dynamic tunnel. But it does not log the incoming tunnels. What can be judged insufficient!
Using the variables displayed in debug, I discovered another problem: the address and port of the origin of the tunnels are always 0.0.0.0:0
This does not make it easy to link information between a firewall that logged an attack and the tunnel used by the attack (and the associated login).

So, I corrected this with a new patch attached. (I tested it with IPv4 and IPv6 tunnels on Linux.)

Could you tell me if you agree to integrate the feature (using or not the patch I gave you)?

Thank you

Best regards

Vincent Lefevere

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux