On 3/28/07, Ilya Konstantinov <[EMAIL PROTECTED]> wrote:
Mind that forwarding through the same interface as the SSH connection came
from is not the obvious thing to do. Often you want SSH forwarding precisely
for the reason that a certain destination is available to the SSH server
through an interface which you don't have.
One easy way to implement the thing you want would be to patch sshd. You
might not want to touch code, but face it - what you're trying to do isn't
trivial with iptables/iproute2, and might not end up reliable.
true, might consider this.
This sprung to my mind as well. You actually want to deal only with a single
sshd child process, not the entire sshd, so --pid-owner sounds about right.
This would be something you'd executed through PAM "session" module, as to
still have root permissions (and keep it out of the user's control).
thanks. Might try this also.
--
cyphunk://cypherpoet.com
nathan://squimp.com
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
