[sslh] sslh X-Forwarded-For question

Yves Rutschle yves at naryves.com
Sun Aug 28 02:28:29 CEST 2011


On Fri, Aug 26, 2011 at 06:28:23PM -0400, Guylhem Aznar wrote:
> You mention IP_TPROXY options in the README, but you do not give any
> link to a patch or explanations on how to do it.
> Could you please give it, even if it's just a linux-only dirty hack??

There is no such patch, the paragraph in the README is meant
to explain why it doesn't exist.

> Another option would be implementing a "X-Forwarded-For" like
> mechanism, with support in say dropbear and openvpn.

I am not sure what you're suggesting here. Patching the
servers (ssh and httpd) to accept the IP address that would
be sent from sslh?

Or is that something that is already supported by the
servers?

> I guess this would reduce the need of this patch for most
> people ; I believe are interested in IP_TPROXY just to
> know the real IP for their https log files, ssh starting
> screen, openvpn logs etc.

There should be enough information in sslh logs to link
connections together, e.g.:

Aug 26 10:16:47 thelonious sslh-select[27389]: connection from 254.115.14.84:20010 to thelonious.naryves.com:https forwarded from ip6-localhost:41736 to ip6-localhost:ssh 
Aug 26 10:16:53 thelonious sshd[27542]: Accepted publickey for yves from ::1 port 41736 ssh2

=> Because you know the local port for sslh is 41736, you
can infer that sshd with PID 27542 is processing the
connection from 254.115.14.84.

My question is, what is it you're really trying to do?

Y.
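The correlation described in the message above, as an added example that is not part of the original post nor code from the sslh project: a small Python script that reads a syslog stream, keeps the sslh "forwarded from" lines keyed by their ephemeral local port, and links each sshd "Accepted" line to the real client address through that port. The two sample log lines are the ones quoted in the message; the regular expressions, the `correlate()` function and its output fields are this example's own assumptions, not an sslh or sshd interface.

```python
import re

# Sample input: the two log lines quoted in the message above,
# embedded here so the example runs offline.
SAMPLE_LOG = """\
Aug 26 10:16:47 thelonious sslh-select[27389]: connection from 254.115.14.84:20010 to thelonious.naryves.com:https forwarded from ip6-localhost:41736 to ip6-localhost:ssh
Aug 26 10:16:53 thelonious sshd[27542]: Accepted publickey for yves from ::1 port 41736 ssh2
"""

# sslh line: real client -> listening address, then the loopback
# source port sslh used to reach the backend (the correlation key).
SSLH_RE = re.compile(
    r"sslh(?:-select|-fork)?\[(?P<sslh_pid>\d+)\]: connection from "
    r"(?P<client_host>\S+):(?P<client_port>\d+) to \S+ "
    r"forwarded from (?P<local_host>\S+):(?P<local_port>\d+) to (?P<target>\S+)"
)

# sshd line: only the loopback peer and port are visible to sshd.
SSHD_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<peer>\S+) port (?P<port>\d+)"
)


def correlate(log_text):
    """Link each sshd 'Accepted' line to the real client address that
    sslh logged for the same loopback port.

    Returns a list of dicts, one per sshd login, with 'real_client'
    set to None when no matching sslh line was seen (for example a
    direct loopback login that never passed through sslh)."""
    pending = {}   # local_port -> sslh record; a newer line replaces an older one
    matches = []
    for line in log_text.splitlines():
        m = SSLH_RE.search(line)
        if m:
            pending[m["local_port"]] = {
                "client": f"{m['client_host']}:{m['client_port']}",
                "target": m["target"],
                "sslh_pid": m["sslh_pid"],
            }
            continue
        m = SSHD_RE.search(line)
        if m:
            # pop() so a reused ephemeral port cannot match a stale record
            fwd = pending.pop(m["port"], None)
            matches.append({
                "sshd_pid": m["pid"],
                "user": m["user"],
                "sshd_peer": f"{m['peer']}:{m['port']}",
                "real_client": fwd["client"] if fwd else None,
                "target": fwd["target"] if fwd else None,
            })
    return matches


if __name__ == "__main__":
    for record in correlate(SAMPLE_LOG):
        print(record)
```

The match is only as good as the port: ephemeral ports are reused, so on a busy host the sslh record should also be required to fall within a few seconds of the sshd line, and a login whose port has no pending sslh record is reported with `real_client` set to None rather than guessed.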
