--On 25 May 2009 13:08:35 -0430 Aarón Mizrachi <[email protected]> wrote:
> 2. Rather than sshd opening up TCP connection to forward the connection (in the above instance to server2.example.com:1234), I need sshd to launch a process (in a similar way to inetd) and pipe the connection to that, irrespective of what the user has specified on the ssh command line. It needs to pass the username specified ("user-service", not the UID which will always be the same) and preferably the "server2.example.com:1234" to this process, either on the process's command line or in the environment. Essentially what the process will be doing is an "nc" but dependent on the "user-service" tuple passed and subject to some protocol translation. How can I achieve this?

Something useful will be iptables. iptables can redirect your connection to 127.0.0.1:x when you have your local program listening. This can be done with iptables, --uid-owner policy, and REDIRECT. (I think). -j REDIRECT in addition with uid-owner will redirect all the connections created from your special users to your local service.
Agree, but by then the supplied username will have been lost (as they'll all be running under the same UID).

-- Alex Bligh
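The owner-match redirect suggested in the thread, written out as an added example (this is not code from either poster). It assumes a single forwarding account whose numeric UID is passed as the first argument and a local listener port as the second; both values are constructed for the example. The rule matches on the socket's owning UID only, so, as the reply points out, the SSH username behind the forward is not available to the redirect target; if the different SSH accounts were given distinct UIDs, one such rule per UID (each with its own --to-ports) would preserve the distinction at the cost of the single-UID design.

```shell
#!/bin/sh
# Added example: iptables nat rules that steer outbound TCP connections made
# by one UID to a local listener (the -m owner --uid-owner + -j REDIRECT idea
# from the thread). Applying the rule needs root; generating it does not.
# Assumed inputs (constructed): $1 = UID of the forwarding account,
# $2 = port of the local service on 127.0.0.1.

# Print the rule that redirects every TCP connection opened by UID $1 to
# 127.0.0.1:$2. Only the UID is visible to netfilter; the SSH username that
# produced the forward is not. The local service can still recover the
# original destination (e.g. server2.example.com:1234) with the
# SO_ORIGINAL_DST socket option, which REDIRECT preserves.
redirect_rule() {
    uid="$1"; port="$2"
    printf 'iptables -t nat -A OUTPUT -m owner --uid-owner %s -p tcp -j REDIRECT --to-ports %s' "$uid" "$port"
}

# Same rule with -C instead of -A: exits 0 if the rule is already present.
check_rule() {
    redirect_rule "$1" "$2" | sed 's/ -A / -C /'
}

# Apply the rule idempotently. Run the local listener under a different UID
# than $1, otherwise its own onward connections would be redirected back to
# itself and loop.
apply_redirect() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_redirect: must run as root" >&2
        return 1
    fi
    if eval "$(check_rule "$1" "$2")" 2>/dev/null; then
        echo "rule already present"
        return 0
    fi
    eval "$(redirect_rule "$1" "$2")"
}

# Usage (constructed values): show the rule for UID 1001 -> port 9000, then
# apply it when running as root.
redirect_rule 1001 9000; echo
[ "$(id -u)" -eq 0 ] && apply_redirect 1001 9000
```

Because the match is on the socket owner, the rule catches every TCP connection that UID opens, not just sshd's forwards; keep the account dedicated to this purpose so nothing else it runs is silently redirected.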
