开发者

retrieve SSH unique session ID

开发者 https://www.devze.com 2022-12-19 12:59 出处:网络
I wonder if there is any way to retrieve, for both a server and a client connected through ssh (OpenSSH), some unique session identifier (let this be USID).

I wonder if there is any way to retrieve, for both a server and a client connected through ssh (OpenSSH), some unique session identifier (let this be USID).

This would be used to restrict the execution of a specific (custom) software (let it be a.exe), so it can only be executed through a specific ssh session, even if other users (potentially root) have access to that executable:

  • after a ssh session is opened from machine C (client) to machine S (server), machine C (which knows the USID) will update a record on machine X (a third-party server), letting it know that this USID is "safe".
  • a.exe on machine S will check, when invoked, if the USID of the current session is "safe" (this information will be provided by X) and will halt e开发者_JAVA技巧xecution if negative answer received.

The communication channels between X and C, X and S are secure, so the only issue here is retrieving that USID without having to write my own ssh client and/or server.

Any ideas?


seems to me in a round about way, you are trying to re-implement kerberos. Seems to me that you want to GSSAPI secure the transport between client and server; so your client needs to authenticate to the server.

Typical way of doing this would be to 'kinit' to a prinicpal using a keytab, and then passing this credential to the server. Kerberos ensures that it's reasonably hard to fake.

that's probably going to be a little less brittle than the method that you describe above.

-Ace

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号