ProxyCommand that creates identity file

Hi there,

I'm working on a project to write a ProxyCommand that reaches out to an SSH
CA to receive an SSH certificate prior to the connection. The ProxyCommand
also creates a tunnel to the upstream SSH server.

When using ProxyCommand alone, the issue is that the identity files are
loaded as soon as SSH has fork/exec'd the process. It does not wait for a
valid server negotiation.

I found the ProxyUseFdPass flag which seemed promising -- here, the
identity files weren't loaded until after the file descriptors are passed
back to the SSH client. Perhaps I could fetch the identity file, return the
fds, and then tunnel the traffic. Unfortunately, it blocks on waitpid(), so
this doesn't work either -- I need the process to stay open to tunnel data.

I considered trying to fork, disown the child, and run the tunnel inside
the child, but unfortunately I am working with Golang, which doesn't allow
forking (except to execute another application.)

I'm looking for any tips on how I might be able to work around this
problem. I'd also be interested in understanding why the identity files are
loaded prior to negotiating a valid server connection.

Thanks,
John
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
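
One way a Go helper can combine ProxyUseFdPass with a long-lived tunnel, shown as an added example that is not part of the original post: the helper re-executes itself as a detached relay (exec only, no fork), passes ssh one end of a socketpair over stdout, and exits so that ssh's waitpid() returns. Assumptions: Linux, a hypothetical `relay` mode name, a plain TCP dial standing in for the real tunnel, and the CA request left out because the post does not describe it.

```go
package main

import (
	"io"
	"net"
	"os"
	"os/exec"
	"syscall"
)

// sendFD passes fd over the Unix socket via as SCM_RIGHTS with one data byte,
// the same handoff OpenBSD nc -F performs for ProxyUseFdPass.
func sendFD(via, fd int) error {
	return syscall.Sendmsg(via, []byte{0}, syscall.UnixRights(fd), nil, 0)
}

// relayCmd re-executes this binary (exec only, no fork) in its own session,
// handing it relayEnd as fd 3. The "relay" argument is a hypothetical mode name.
func relayCmd(self string, relayEnd *os.File, upstream string) *exec.Cmd {
	cmd := exec.Command(self, "relay", upstream)
	cmd.ExtraFiles = []*os.File{relayEnd} // becomes fd 3; stdio defaults to /dev/null
	cmd.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
	return cmd
}

func main() {
	if len(os.Args) == 3 && os.Args[1] == "relay" { // detached child: pump bytes
		up, err := net.Dial("tcp", os.Args[2]) // stand-in for the real tunnel
		if err != nil {
			os.Exit(1)
		}
		local := os.NewFile(3, "ssh-side")
		go io.Copy(up, local)
		io.Copy(local, up)
		return
	}
	if len(os.Args) != 2 {
		os.Exit(2)
	}
	// Parent: fetch the certificate and write the identity file here (omitted).
	// SOCK_CLOEXEC keeps sp[0] out of the child so it sees EOF when ssh closes.
	sp, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM|syscall.SOCK_CLOEXEC, 0)
	self, _ := os.Executable()
	if err != nil || relayCmd(self, os.NewFile(uintptr(sp[1]), "relay"), os.Args[1]).Start() != nil ||
		sendFD(1, sp[0]) != nil { // fd 1 is the socket ssh is waiting on
		os.Exit(1)
	}
}
```
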


