bugzilla-daemon at mindrot.org
2024-Jun-26 06:35 UTC
[Bug 3704] New: Implement an interface to capture port number of random remote port forwarding -R 0:localhost:22
https://bugzilla.mindrot.org/show_bug.cgi?id=3704
Bug ID: 3704
Summary: Implement an interface to capture port number of
random remote port forwarding -R 0:localhost:22
Product: Portable OpenSSH
Version: 9.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: umut at tezduyar.com
I am exposing IoT devices SSH interface to the cloud. The IoT devices
set up the port forwarding with -R 0:localhost:22. The random port
number is picked by the sshd and is sent to the client on the TTY. Then
my clients are sending the port number to the server to keep track of
active sessions.
Here I rely on client doing the right thing and reporting the correct
allocated port number to the server.
I would like to request a feature to have an interface on the sshd to
capture the allocated port number for a given key/fingerprint
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Jul-06 20:36 UTC
[Bug 3704] Implement an interface to capture port number of random remote port forwarding -R 0:localhost:22
https://bugzilla.mindrot.org/show_bug.cgi?id=3704
Nikola <root at nixsum.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |root at nixsum.net
--- Comment #1 from Nikola <root at nixsum.net> ---
As a third observer I'd like to suggest you try something else.
You can use a unix socket instead as it will be easier to track.
The below example assumes your "controller" uses pam_systemd for user
sessions.
I also assume you are using a separate user and ssh key for each IOT
client.
On the IOT client:
$ export remote_uid=`ssh iot_device_1 at debbie 'id -u'`
$ ssh iot_user_1 at controller -R
/run/user/$remote_uid/sshd.sock:localhost:22
On the controller to connect to the IOT device you can use:
# ssh -o "ProxyCommand socat - UNIX-CLIENT:/run/user/`id -u
iot_user_1`/sshd.sock" iot_user_1 at iot_device_1
This way you can always correlate a user to their forwarded socket and
they can only create a unix socket with their limited permissions.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Aug-09 12:23 UTC
[Bug 3704] Implement an interface to capture port number of random remote port forwarding -R 0:localhost:22
https://bugzilla.mindrot.org/show_bug.cgi?id=3704
kolAflash at kolahilft.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kolAflash at kolahilft.de
--- Comment #2 from kolAflash at kolahilft.de ---
(In reply to Nikola from comment #1)> [...]
> You can use a unix socket instead as it will be easier to track.
If possible, I'd also recommend UNIX sockets. They are much safer then
127.0.0.1. See also bug 3695
Comments say even Windows supports UNIX sockets nowadays:
https://lwn.net/Articles/984838/
Alternatively let not SSH find the free port, but use "ss".
#!/bin/bash
port="10000" # start searching here
while [ -n "$(ss -tan4H "sport = ${port}")" ]; do
port="$((port+1))"
done
--
You are receiving this mail because:
You are watching the assignee of the bug.
Maybe Matching Threads
- [Bug 3695] New: X11 forwarding via UNIX socket instead of 127.0.0.1
- [Bug 2333] New: forbid old Ciphers, KexAlgorithms and MACs by default
- [Bug 2332] New: Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
- [Bug 3702] New: sshd fork crashed when compiled with seccomp
- Read and publish firmware time stamps and boot time (was: [systemd-devel] bootloader time on a non-EFI bootloader)