On Sat, Oct 08, 2011 at 02:20:09PM +0100, Alex Bligh wrote:
> --On 8 October 2011 08:06:59 -0400 Stephen Harris <firstname.lastname@example.org> wrote:
> >>But there seems to be no way to get the PIDs of an ssh process associated
> >>with a particular public key, as opposed to a particular user.
> >Instead of command="/bin/true" use command="/path/to/script". The script
> >can look at parent processes and work up the tree until it reaches the
> >sshd process.
> 1. when -N is used, command= / ForceCommand is not executed. It only forces
> running of a command when there is either an interactive session
> requested or a command on the command line.
I was assuming you would have to do some work on how your application process
determined what port to talk to; you could have that dependent on having
had the script run. So if the client uses -N then your application won't
talk to the forwarded port, which forces them to not do that :-)
> 2. (less of an issue), the user's shell can no longer be /bin/false; it has
> to be a real shell.
Make the shell be the script. Make the password for the account be '*'.
Now sshd will do "$SCRIPT -c $SCRIPT user1"; parse accordingly.
--
rgds
Stephen
_______________________________________________
openssh-unix-dev mailing list
email@example.com
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
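
A sketch of the script discussed in this message, added here as an example and not code from the thread or from OpenSSH: it parses the `-c "$SCRIPT user1"` invocation and walks up the parent chain to the nearest sshd process. It assumes a Linux-style /proc; `PROC_ROOT` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes Linux /proc; PROC_ROOT is overridable so the walk can
# be exercised against a constructed tree. All names here are hypothetical.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Read one field ("Name" or "PPid") from <PROC_ROOT>/<pid>/status.
proc_field() {
    [ -r "$PROC_ROOT/$1/status" ] || return 0
    awk -v key="$2:" '$1 == key { print $2; exit }' "$PROC_ROOT/$1/status"
}

# Walk up from a PID until a process named sshd is found; print its PID.
# Returns non-zero if PID 1 or a missing entry is reached first.
# Adjust the name match if your build names the per-connection process differently.
find_sshd_ancestor() {
    pid="$1"
    hops=0
    while [ -n "$pid" ] && [ "$pid" -gt 1 ] && [ "$hops" -lt 64 ]; do
        if [ "$(proc_field "$pid" Name)" = "sshd" ]; then
            echo "$pid"
            return 0
        fi
        pid="$(proc_field "$pid" PPid)"
        hops=$((hops + 1))
    done
    return 1
}

# With the script as the login shell and command="$SCRIPT user1" on the key,
# the arguments are: -c "$SCRIPT user1". The label is the last word of $2.
key_label_from_args() {
    [ "$1" = "-c" ] && [ -n "$2" ] || return 1
    label="${2##* }"
    # Accept only a conservative label alphabet before using it anywhere.
    case "$label" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    echo "$label"
}

# Entry point for the installed script: call as  record_session "$@"
record_session() {
    label="$(key_label_from_args "$@")" || return 1
    sshd_pid="$(find_sshd_ancestor "$$")" || return 1
    echo "key=$label sshd_pid=$sshd_pid"
}
```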