--On 25 May 2009 13:08:35 -0430 Aarón Mizrachi <unmanarc@xxxxxxxxx> wrote:
>> 2. Rather than sshd opening up TCP connection to forward the connection
>> (in the above instance to server2.example.com:1234), I need sshd to
>> launch a process (in a similar way to inetd) and pipe the connection to
>> that, irrespective of what the user has specified on the ssh command
>> line. It needs to pass the username specified ("user-service", not the
>> UID which will always be the same) and preferably the
>> "server2.example.com:1234" to this process, either on the process's
>> command line or in the environment. Essentially what the process will be
>> doing is an "nc" but dependent on the "user-service" tuple passed and
>> subject to some protocol translation. How can I achieve this?
>
> Something useful will be iptables. iptables can redirect your connection
> to 127.0.0.1:x when you have your local program listening.
>
> This can be done with iptables, --uid-owner policy, and REDIRECT. (I
> think).
>
> -j REDIRECT together with uid-owner will redirect all the connections
> created from your special users to your local service.
Agree, but by then the supplied username will have been lost (as they'll
all be running under the same UID).
--
Alex Bligh
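As an added example (not code from the thread or from OpenSSH), the iptables rules that implement the REDIRECT plus --uid-owner suggestion above, written as a small POSIX shell script. The shared service UID 1500, the local listener port 8000 and the address 203.0.113.10 standing in for server2.example.com are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: iptables rules that divert the TCP
# connections sshd opens on behalf of a given UID to a local service.
# UID 1500, port 8000 and 203.0.113.10 are assumed values.

# Build the nat/OUTPUT rule: every TCP connection originated locally by
# the given UID is sent to 127.0.0.1:<local-port> instead of its real
# destination. The owner match only works on locally generated packets,
# which is why the rule lives in the OUTPUT chain.
# Usage: redirect_rule <uid> <local-port>
redirect_rule() {
    printf 'iptables -t nat -A OUTPUT -m owner --uid-owner %s -p tcp -j REDIRECT --to-ports %s\n' "$1" "$2"
}

# Narrower variant: only divert connections from that UID that were aimed
# at one specific destination (the server2.example.com:1234 of the
# thread, here the assumed address 203.0.113.10:1234).
# Usage: redirect_rule_for_dst <uid> <dst-ip> <dst-port> <local-port>
redirect_rule_for_dst() {
    printf 'iptables -t nat -A OUTPUT -m owner --uid-owner %s -p tcp -d %s --dport %s -j REDIRECT --to-ports %s\n' "$1" "$2" "$3" "$4"
}

# Apply (or just show) the broad rule. Running it needs root and a kernel
# with the nat table and the owner match; without DO_APPLY=1 the command
# is only printed so the script is safe to run anywhere.
# Usage: apply_rules <uid> <local-port>
apply_rules() {
    rule=$(redirect_rule "$1" "$2")
    if [ "${DO_APPLY:-0}" = "1" ]; then
        eval "$rule"
    else
        echo "$rule"
    fi
}

# All forwarded connections made under UID 1500 go to the listener on 127.0.0.1:8000.
apply_rules 1500 8000
```

Run it as root with DO_APPLY=1 to install the rule; otherwise it only prints the command. The owner match sees nothing but the UID, so when every "user-service" login maps to the same UID the rule cannot tell the usernames apart, which is exactly the objection in the reply. The redirected local service can still recover the destination the client originally asked for with the SO_ORIGINAL_DST getsockopt on the accepted socket, but not the username that was presented to sshd.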