Stef Bon
2017-Jun-01 16:26 UTC
Get remote address when using direct-streamlocal@openssh.com.
I have a server that clients can connect to using direct-streamlocal@openssh.com. I want the server to "know" the address of the client.

I've tried using the peer credentials of the process connecting to my server (which is an sshd process) and checking its environment. I thought that the variable SSH_CLIENT would be set in the environment, but that did not work. This sshd process has an almost empty environment file.

Is there another good way to find it?

Thanks in advance,
Stef Bon
Stef Bon
2017-Jun-02 06:15 UTC
Get remote address when using direct-streamlocal@openssh.com.
Hi,

I can create something that works: the client has the ability to create a channel using the same ssh session with the server, and can execute commands. When the client has a connection with the server using the direct-streamlocal mechanism, it can also create a file on the server by running something like:

    set > /tmp/sshd_set_%PPID%

The parent pid is the same pid my server process reads when reading the peer socket credentials. My server process waits for the existence of this file, and when it is detected, it reads the environment variables like SSH_CLIENT.

This will work, but is very constructed. Might there be another easier way?

Thanks in advance.
Stef
Stef Bon
2017-Jun-21 10:08 UTC
Get remote address when using direct-streamlocal@openssh.com.
2017-06-02 8:15 GMT+02:00 Stef Bon <stefbon at gmail.com>:
>
> This will work, but is very constructed. Might there be another easier way?

Hi,

I'm thinking about using PAM for this purpose. My fileserver watches a file with fanotify, getting the pid of the process which wants to open and write to a file, for example /run/ssh-remote-access

The sshd process uses a PAM module (pam_bfileserver for example, in the session phase of PAM) which writes information like:

    %PID%:%PAM_RHOST%:%PAM_RUSER%

to this file. While it is busy doing so, other processes are blocked from writing to it. When this data is written, bfileserver reads these values, compares them with the pid fanotify reported, and if they match, bfileserver "knows" the remote address. bfileserver clears the file, and allows access to it by other processes.

The PAM module should proceed if the file is not found.

Stef
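
An added example, not part of the thread and not code from bfileserver or OpenSSH: one way the reading side could parse the `%PID%:%PAM_RHOST%:%PAM_RUSER%` record and accept the remote host only when the PID matches the one the server obtained itself. The names `parse_handoff` and `rhost_for_peer` are hypothetical, the sample record is constructed, and it assumes PAM_RUSER never contains a colon, so that an IPv6 PAM_RHOST can be split unambiguously.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

struct handoff { pid_t pid; char rhost[256]; char ruser[64]; };
/* Copy n bytes as a string; reject overlong input and non-printable or non-ASCII bytes. */
static int copy_field(char *dst, size_t cap, const char *src, size_t n) {
    if (n >= cap) return -1;
    for (size_t i = 0; i < n; i++)
        if ((unsigned char)src[i] <= ' ' || (unsigned char)src[i] >= 0x7f) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Parse "PID:RHOST:RUSER": PID ends at the first ':' and RUSER starts after the
   last ':', so an IPv6 RHOST keeps its colons. Returns 0, or -1 if malformed. */
int parse_handoff(const char *line, struct handoff *out) {
    size_t len = strcspn(line, "\r\n"), ndig;
    const char *end = line + len, *first = memchr(line, ':', len), *last = end;
    if (!first) return -1;
    while (last[-1] != ':') last--;            /* stop just past the final ':' */
    if (last - first <= 2) return -1;          /* single separator, or empty RHOST */
    ndig = (size_t)(first - line);
    if (ndig == 0 || ndig > 7) return -1;      /* Linux PIDs fit in 7 digits */
    out->pid = 0;
    for (size_t i = 0; i < ndig; i++) {
        if (line[i] < '0' || line[i] > '9') return -1;
        out->pid = out->pid * 10 + (line[i] - '0');
    }
    if (out->pid == 0) return -1;
    if (copy_field(out->rhost, sizeof out->rhost, first + 1, (size_t)(last - first - 2))) return -1;
    return copy_field(out->ruser, sizeof out->ruser, last, (size_t)(end - last));
}

/* Hand RHOST to the caller only if the record's PID is the PID the server saw itself. */
int rhost_for_peer(const char *line, pid_t peer_pid, char *buf, size_t buflen) {
    struct handoff h;
    if (parse_handoff(line, &h) != 0 || h.pid != peer_pid || strlen(h.rhost) >= buflen) return 0;
    strcpy(buf, h.rhost);
    return 1;
}

int main(void) {
    char rhost[256];   /* the record below is a constructed sample */
    if (rhost_for_peer("4242:2001:db8::17:alice\n", 4242, rhost, sizeof rhost))
        printf("pid 4242 -> %s\n", rhost);
    return 0;
}
```

A record that fails to parse or names a different PID yields no address, so the caller can treat the peer as unidentified.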