Running dropbear as unprivileged user to a single user SSH Server

Guylhem Aznar dropbear at guylhem.net
Fri Sep 2 01:11:53 WST 2011


Here are my 2 cents on the subject: what about adding a way to pass
override parameters instead?

This patch is interesting for what it would allow but such functions
might be in a better place outside dropbear, in a more general
setting.

The example I presented to the author is the relation between an HTTP
proxy (ex: stunnel) and an HTTP server. The HTTP proxy can pass
X-Forwarded-For IP to the HTTP server, which, if configured to accept
that, will be used in the log files.

A command line flag seems wrong to me.

Adding the possibility to pass parameters to dropbear *before* it
sends the SSH banner, ex: OVERRIDE_USER=xx, OVERRIDE_SHELL=yy would
cover more use cases, while remaining very light. This would just
require a wrapper to *send* information to the TCP port, and the
patch could simply be something like "if dropbear receives something
before the connection do... otherwise business as usual".

"accept override" would be a perfect command line flag for dropbear,
instead of specifying which are the overrides.

Guylhem