Re: Get remote address when using direct-streamlocal@xxxxxxxxxxx.

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



2017-06-02 8:15 GMT+02:00 Stef Bon <stefbon@xxxxxxxxx>:
>
> This will work, but is very constructed. might there be another easier way?

Hi,

I'm thinking about using pam for this purpose. My fileserver watches a file with
fanotify, getting the pid of the process which wants to open and write
to a file,
for example /run/ssh-remote-access

The sshd process uses a pammodule (pam_bfileserver for example in the
session phase of pam)
which writes information like:

%PID%:%PAM_RHOST%:%PAM_RUSER%

to this file. While it is busy doing so, other processes are blocked
to write to it.

When this data is written, bfileserver reads these values, compares
with the pid fanotify reported,
and if they match, bfileserver "knows" the remote address.
bfileserver clears the file, and allows access to it by other processes.
The pammodule should proceed if file not found.

Stef
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux