Linux – How to get the list of SSH tunnels connected with the username used

linuxsshssh-tunneltunneltunneling

The connection is established from Desktop(D) to Server(S) with ssh -D PORT username@Server.

From the Server, the list of ssh users connected can be obtained with who, but the ssh tunnels are not listed in who or w. Also, with netstat -lnpt | grep ssh, the connected user is not listed.

With other commands, such as ps aux | grep ssh or lsof -i -n | egrep '\<ssh\>', a lot more information is retrieved, looking as if more users were connected.

Is there a (What is the) reliable way of getting the list of ssh tunnels with their respective users on S, ideally including the IP address of D?

Best Answer

The use of ssh -D is not visible to the server. It is only once a socks client connects to the ssh client and request a connection, that the ssh client will ask the server for a forwarding.

Once a connection is fully established, it will be visible on the server. You can see it with netstat -ntp.

It will obviously not be visible with netstat -lntp on the server, because it does not involve any listening sockets.

On the client side running netstat -lntp will show that ssh is listening on the specified port.

Related Solutions

SSH + svnserve -t command, while still allowing shell access

I wanted to comment on this yesterday but backed off waiting for someone more knowledgeable in this particular setup. Working from what you have said you can setup multiple users on the same account by having separate keys each setup to a different command structure. I,e user Bob would have a key command="svnserve -t --tunnel-user=Bob -r /home/ownername/" ssh-rsa A...eQ== laptoplogin@laptop

and Jane would be command="svnserve -t --tunnel-user=Jane -r /home/ownername/" ssh-rsa someother..eQ== laptoplogin@laptop

Now by the same logic you could set up a third shared key between you that just executes bash, or share the account password to login without keyless ssh and get access to the shell.

That being said, on an aside, you may just want to take a look at Mercurial or Git, both of which make centrally hosted development on a repository dead-simple and are far more powerful and flexible than svn.

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Best Answer

Related Solutions

SSH + svnserve -t command, while still allowing shell access

Ssh – How to automate SSH login with password

Related Topic