Hi !
I haven't found an easy solution to determine the local IP to which the
remote SSH client is connected to the local SSHD. We use MC/Serviceguard which
can create many Interfaces where a remote client could connect and we like to
know within .profile which interface the client has connected to.
I've looked at the sourcecode and maybe the following could do something I
described :
session.c:871 RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26
deraadt Exp $");
do_setup_env
child_set_env(&env, &envsize, "SSH_LOCAL_IP",
get_local_ipaddr(packet_get_connection_in());
what do you think of it ?
thanx, mario
Mario-- bash-2.05a# set | grep SSH SSH_CLIENT='10.0.1.37 3985 22' SSH_TTY=/dev/ttyp2 Don't use IP's for security though, particularly within LAN/VLAN boundries. Far better to switch on user or user key, at least in terms of security. --Dan
Mario Paumann wrote:> I haven't found an easy solution to determine the local IP to which > the remote SSH client is connected to the local SSHD. We use > MC/Serviceguard which can create many Interfaces where a remote client > could connect and we like to know within .profile which interface the > client has connected to.I think patching sshd to provide a $SSH_SERVER variable is cleaner, but you could use the the client IP and port to look up the matching local ip/port pair via netstat, eg: remote=`echo $SSH_CLIENT | awk '{print $1":"$2}'` local=`netstat -n | awk '/'$remote'/{print $4}'` -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Thanx dan, but i mean it as i wrote it. I need the local ip not the remote ip (which is in SSH_CLIENT). mario
On Wed, Sep 04, 2002 at 02:41:45PM +0100, Mario Paumann wrote:> I haven't found an easy solution to determine the local IP to which the remote SSH client is connected to the local SSHD. We use MC/Serviceguard which can create many Interfaces where a remote client could connect and we like to know within .profile which interface the client has connected to. > > I've looked at the sourcecode and maybe the following could do something I described : > > session.c:871 RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $"); > do_setup_env > > child_set_env(&env, &envsize, "SSH_LOCAL_IP", get_local_ipaddr(packet_get_connection_in()); > > what do you think of it ?I agree this is useful. See also: http://bugzilla.mindrot.org/show_bug.cgi?id=384 I would perhaps be better if this all were exposed in just one environment variable, e.g., SSH_CONNECTION=172.31.1.53 14932 192.168.1.9 24 and deprecate SSH_CLIENT, but adding SSH_SERVER as in 384 may be less confusing.