no, there is no way for the client to tell the server about
the username in protocol 1. protocol 2 could be abused to
include the username in the request message, but this would
violate the protocol spec.
On Mon, Sep 25, 2000 at 09:39:35AM -0400, MARC KURTZ wrote:
> Hello,
> Does anyone know how to get the username of the user (already authenticated
> and logged in) who is sending data to a forwarded tunnel from the
> channel_input_port_open function in channels.c??
>
> I've tried numerous things, and all I can get is the IP address that is
> sending the data and where it is going to be sent to. All I want is the
> username or the UID
>
> Here is the chain of events that are happening:
> User logs on to SSHServer and authenticates
> Sets up local listening port on 2323 to forward to RemoteClient:23
> User telnets to localhost:2323 and the ssh client forwards this data to
> SSHServer
>
> At this point the channel_input_port_open function gets called in the ssh
> server loop. In this procedure it knows that data is coming from the
> client's IP and is getting forwarded to RemoteClient to Port 23... Is there
> a way to determine the connection's user name?
>
> I'm trying to write a solution to the old "how do I limit user's forwarded
> connections" problem, so if one already exists then let me know.
>
> Please e-mail mkurtz at backbonesecurity.com because I am not subscribed to
> this list...
>
> Thank you,
> Marc Kurtz
> Security Engineer
> Backbone Security
> 570-422-3493