https://bugzilla.mindrot.org/show_bug.cgi?id=3704
Nikola <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #1 from Nikola <[email protected]> ---
As a third observer I'd like to suggest you try something else. You can use a
unix socket instead as it will be easier to track.

The below example assumes your "controller" uses pam_systemd for user sessions.
I also assume you are using a separate user and ssh key for each IOT client.

On the IOT client:
$ export remote_uid=`ssh iot_device_1@debbie 'id -u'`
$ ssh iot_user_1@controller -R /run/user/$remote_uid/sshd.sock:localhost:22

On the controller to connect to the IOT device you can use:
# ssh -o "ProxyCommand socat - UNIX-CLIENT:/run/user/`id -u iot_user_1`/sshd.sock" iot_user_1@iot_device_1

This way you can always correlate a user to their forwarded socket and they can
only create a unix socket with their limited permissions.
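
An added example (not part of the bug comment and not OpenSSH code): a controller-side audit in Python of the correlation the comment describes. It lists each /run/user/<uid>/sshd.sock and checks that it is a UNIX socket owned by that same uid. The base path and socket name come from the commands above; the function name and record fields are assumptions of this example.

```python
import os
import pwd
import stat

SOCKET_NAME = "sshd.sock"  # name used in the comment's -R forwarding


def audit_forwarded_sockets(base="/run/user", name=SOCKET_NAME):
    """Return one record per <base>/<uid>/<name> entry found.

    "ok" is True only when the entry is a UNIX socket whose owner uid equals
    the uid in the directory name, i.e. it was created by the account that
    owns that runtime directory.
    """
    records = []
    for entry in sorted(os.listdir(base)):
        if not entry.isdigit():
            continue  # runtime directories are named after numeric uids
        path = os.path.join(base, entry, name)
        try:
            st = os.lstat(path)  # lstat: do not follow a planted symlink
        except OSError:
            continue  # no forward for this uid, or directory not readable
        dir_uid = int(entry)
        try:
            user = pwd.getpwuid(dir_uid).pw_name
        except KeyError:
            user = None  # uid has no passwd entry
        is_socket = stat.S_ISSOCK(st.st_mode)
        records.append({
            "path": path,
            "dir_uid": dir_uid,
            "user": user,
            "owner_uid": st.st_uid,
            "is_socket": is_socket,
            "ok": is_socket and st.st_uid == dir_uid,
        })
    return records


if __name__ == "__main__":
    for r in audit_forwarded_sockets():
        who = r["user"] or r["dir_uid"]
        print(who, r["path"], "OK" if r["ok"] else "CHECK")
```

Run it as root on the controller so every runtime directory is readable; any line marked CHECK is an entry that is not a socket or is not owned by the uid of its directory.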
