openssh-unix-dev October 2011 archive

Re: Detect PID of sshd processes used by one public key; detect -R allocated port on the server

From: Stephen Harris <lists_at_nospam>
Date: Sat Oct 08 2011 - 13:55:00 GMT
To: Alex Bligh <alex@alex.org.uk>

On Sat, Oct 08, 2011 at 02:20:09PM +0100, Alex Bligh wrote:
>
> --On 8 October 2011 08:06:59 -0400 Stephen Harris <lists@spuddy.org> wrote:
>
> >>no-agent-forwarding,command="/bin/true",no-pty,no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7"
> >
> >>But there seems to be no way to get the PIDs of an ssh process associated
> >>with a particular public key, as opposed to a particular user.
> >
> >Instead of command="/bin/true" use command="/path/to/script". The script
> >can look at parent processes and work up the tree until it reaches the
> >sshd process.

> 1. when -N is used, command= / ForceCommand is not executed. It only forces
> running of a command when there is either an interactive session
> requested or a command on the command line.

I was assuming you would have to do some work on how your application process
determined what port to talk to; you could have that dependent on having
had the script run. So if the client uses -N then your application won't
talk to the forwarded port, which forces them to not do that :-)

> 2. (less of an issue), the user's shell can no longer be /bin/false; it has
> to be a real shell.

Make the shell be the script. Make the password for the account be '*'.
Now sshd will do "$SCRIPT -c $SCRIPT user1"; parse accordingly.

--
rgds
Stephen

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
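The forced-command script sketched above, written out as an added example (not code from the thread): it walks parent processes from its own PID until it reaches the nearest process whose command name is sshd, and records that PID against a tag the authorized_keys line passes as an argument, so each public key gets its own tag. The process table is taken as text in `ps -eo pid=,ppid=,comm=` form so the walk can be checked against a constructed snapshot; the hook name `keyhook` and the registry path `/var/run/keyhook.pids` are assumptions.

```shell
#!/bin/sh
# Constructed snapshot in `ps -eo pid=,ppid=,comm=` form: a listener sshd,
# its per-connection children, the hook they spawned, and an unrelated cron job.
SAMPLE_TABLE='    1     0 init
  900     1 sshd
 4321   900 sshd
 4322  4321 sshd
 4330  4322 keyhook
 5000     1 cron
 5001  5000 sh'

# proc_entry PID TABLE: print "ppid comm" for PID, or fail if it is absent.
# A heredoc keeps the loop in the current shell so `return` works.
proc_entry() {
    while read -r tpid tppid tcomm; do
        if [ "$tpid" = "$1" ]; then
            printf '%s %s\n' "$tppid" "$tcomm"
            return 0
        fi
    done <<EOF
$2
EOF
    return 1
}

# sshd_ancestor PID TABLE [NAME]: walk up from PID (inclusive) and print the
# PID of the first ancestor whose command name is NAME (default sshd).
# Fails when the chain reaches init or a PID missing from the table.
sshd_ancestor() {
    pid=$1; table=$2; name=${3:-sshd}
    while [ "$pid" -gt 1 ]; do
        entry=$(proc_entry "$pid" "$table") || return 1
        ppid=${entry%% *}
        comm=${entry#* }
        if [ "$comm" = "$name" ]; then
            printf '%s\n' "$pid"
            return 0
        fi
        pid=$ppid
    done
    return 1
}

# record_session KEYTAG [REGISTRY]: forced-command entry point. Finds the sshd
# serving this session from a live `ps` snapshot and appends "KEYTAG PID" to
# the registry (path is an assumed example). Use from authorized_keys as e.g.
#   command="/usr/local/bin/keyhook alice-laptop",no-pty,... ssh-ed25519 AAAA...
record_session() {
    keytag=$1; registry=${2:-/var/run/keyhook.pids}
    sshd_pid=$(sshd_ancestor $$ "$(ps -eo pid=,ppid=,comm=)") || return 1
    printf '%s %s\n' "$keytag" "$sshd_pid" >> "$registry"
}
```

On the constructed table, walking up from the hook (PID 4330) yields 4322, the per-session sshd child rather than the listener, which is the PID a per-key cleanup would want to act on.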