search for: forced_tun_device

Attached is a patch which adds a log= directive to authorized_keys. The text in the log="text" directive is appended to the log line, so you can easily tell which key is matched. For instance the line: log="hello world!",no-agent-forwarding,command="/bin/true",no-pty, no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7" ssh-rsa AAAAB3Nza....xcgaK9xXoU=

>> the fact that ssh insists on tap* and tun* tun/tap-device-names is a >> real nag and prevents from nice and easy solutions in some cases. > > Could you offer some examples? some client: ssh -o "Tunnel Ethernet" -w any office next client: ssh -o "Tunnel Ethernet" -w any office ...and so forth. interface configuration on the hub for all clients:

...N_OPEN int sys_tun_open(int, int); #endif diff -Nurd openssh-4.3p2.orig/serverloop.c openssh-4.3p2/serverloop.c --- openssh-4.3p2.orig/serverloop.c 2005-12-31 00:33:37.000000000 -0500 +++ openssh-4.3p2/serverloop.c 2006-08-25 08:24:58.000000000 -0400 @@ -941,7 +941,11 @@ goto done; tun = forced_tun_device; } - sock = tun_open(tun, mode); +#if defined(SSH_TUN_LINUX) + sock = tun_open(tun, mode, the_authctxt->pw->pw_uid); +#else + sock = tun_open(tun, mode); +#endif if (sock < 0) goto done; c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, diff -Nurd openssh-4.3p2....

On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote: > Hi Devin, have you looked at using openssh certificates to help manage [...] > While the feature has been around for a while now (and is really > useful), there doesn't seem to be huge amount of documentation around > it. I found the following useful when getting a client of my running Yeah, when I wrote about it

Numerous how-tos all over the Internet show how one would set up a tunnel using ssh, e.g.: ssh -f -o Tunnel=ethernet <server_ip> true I was wondering if there's a way to subsequently acquire the names of the local and remote tun/tap interfaces (e.g., using the default "-w any:any") for subsequent automatic tunnel configuration, e.g.: ip link set $TapDev up ip link set