This article covers how to retrieve a unique SSH session ID.

Problem description

I wonder if there is any way to retrieve, for both a server and a client connected through ssh (OpenSSH), some unique session identifier (let this be USID).

This would be used to restrict the execution of a specific (custom) software (let it be a.exe), so it can only be executed through a specific ssh session, even if other users (potentially root) have access to that executable:

  • after an ssh session is opened from machine C (client) to machine S (server), machine C (which knows the USID) will update a record on machine X (a third-party server), letting it know that this USID is "safe".
  • a.exe on machine S will check, when invoked, if the USID of the current session is "safe" (this information will be provided by X) and will halt execution if negative answer received.

The communication channels between X and C, X and S are secure, so the only issue here is retrieving that USID without having to write my own ssh client and/or server.

Any ideas?

Recommended answer

Seems to me, in a roundabout way, you are trying to re-implement Kerberos. Seems to me that you want to GSSAPI secure the transport between client and server; so your client needs to authenticate to the server.

Typical way of doing this would be to 'kinit' to a principal using a keytab, and then passing this credential to the server. Kerberos ensures that it's reasonably hard to fake.

That's probably going to be a little less brittle than the method that you describe above.

-ace

07-31 16:40