Comments (24)
Yes. It's in the readme.
from reverse_ssh.
> Yes. It's in the readme.

Sorry for bothering you again, but I'm sure there is nothing about it in the readme. From the results of ls -t, the hostname and IP address cannot be changed, nor can they identify unique identities (because hosts connected from different subnets, there may be duplicates). The only remaining ID, from what I read in the source code, is also generated by the server receiving the connection, not passed by the client. Is there a way to pass an additional ID when the client connects to the server? As for the identifier, the goal I want to achieve is that this identifier is configured by the client, so that after connecting, we can know who it is through this identifier.
from reverse_ssh.
Ah I see what you mean. I interpreted your question as "Can I use another identifier rather than the random id" instead of "can I specify my own ID for the client".
You are correct, currently there is no way for a client to specify a custom ID.
Small comment about: "nor can they identify unique identities (because hosts connected from different subnets, there may be duplicates),"
Generally speaking, different computers should have different hostnames, and if they are connecting from different subnets I'd expect them to have differing IP addresses (unless they are behind a NAT).
However, I think your point is a valid one. Having a way of applying a custom label to a client would make specifying clients in scripts easier.
In your ideal world, how would you specify this ID?
As it does present some user experience problems if you wanted it compiled in, as then clients would have the same ID and we'd be back at this problem all over again.
from reverse_ssh.
> Ah I see what you mean. I interpreted your question as "Can I use another identifier rather than the random id" instead of "can I specify my own ID for the client".
> You are correct, currently there is no way for a client to specify a custom ID.
> Small comment about: "nor can they identify unique identities (because hosts connected from different subnets, there may be duplicates)," Generally speaking, different computers should have different hostnames, and if they are connecting from different subnets I'd expect them to have differing IP addresses (unless they are behind a NAT).
> However, I think your point is a valid one. Having a way of applying a custom label to a client would make specifying clients in scripts easier.
> In your ideal world, how would you specify this ID? As it does present some user experience problems if you wanted it compiled in, as then clients would have the same ID and we'd be back at this problem all over again.

I think it can try to read from the configuration file. If it is not read, it will be randomly generated by the program, which should solve your worries and meet some of the requirements I mentioned earlier.
from reverse_ssh.
> I think it can try to read from the configuration file

Unfortunately I want this program to be as self-contained as possible, so I'd be happier with a command line flag (such as `--id`) rather than reading from a file.

> If it is not read, it will be randomly generated by the program...

Oh, if you only want something that's unique per client (not a custom label), then I can look at changing the ID to represent the public key instead. Which I was planning on doing anyway.
Thoughts?
from reverse_ssh.
> Oh, if you only want something that's unique per client (not a custom label), then I can look at changing the ID to represent the public key instead. Which I was planning on doing anyway.

Of course, the same is true for reading from command line parameters. Regarding your proposal, I am not sure if I understand it properly. My idea is to let the client pass an identifier to the server to facilitate the management of the server. As for the implementation method, it does not matter. Having said that, changing the ID seems to be a lot of work, and the real unique sign should always be issued by the server to ensure global uniqueness. And if it is pure standard ssh communication, it seems that passing an additional parameter to establish the ssh connection is not a small difficulty. On the contrary, if the client sends the tag to the server through the current connection after the ssh connection is established, it will look more reliable and the implementation difficulty will be relatively reduced. If I am wrong, please ignore.
from reverse_ssh.
> Of course, the same is true for reading from command line parameters.

Depends on how you're deploying the binary. Most cases are deploying the client as a single binary, sometimes onto systems they can't directly access, so if it was a custom tag then it'd have to be supplied by command line argument, or by being baked in at compile time.

> My idea is to let the client pass an identifier to the server to facilitate the management of the server

Not sure what you mean by this. How does this help managing the server? I can understand it would help identify clients.
from reverse_ssh.
I am gonna need a bit more feedback on how you plan to use this feature. Just going to implement it, I have kind of come to the conclusion that hostname should be sufficient for what you want?
from reverse_ssh.
> I am gonna need a bit more feedback on how you plan to use this feature. Just going to implement it, I have kind of come to the conclusion that hostname should be sufficient for what you want?

I'm going to build a system to manage remote clients that can go directly from the web to the target machine, so I need to set up aliases for each client. They may be from different subnets, have the same hostname, or even the same IP.
from reverse_ssh.
Right, so are you planning on recompiling the client per each target machine?
If so, I will add public key hash to the list of identifiers and that will solve your problem as that will then be unique per client.
from reverse_ssh.
> Right, so are you planning on recompiling the client per each target machine? If so, I will add public key hash to the list of identifiers and that will solve your problem as that will then be unique per client.

Can we try to get it from the command line parameters first, and if we can't get it, then get the hash value of the public key?
from reverse_ssh.
It's easier to use a hash of the public key. I've implemented this on the unstable branch. Please check it out and have a play around.
from reverse_ssh.
> It's easier to use a hash of the public key. I've implemented this on the unstable branch. Please check it out and have a play around.

So fast, I'll try it later, thanks.
from reverse_ssh.
This will have the limitation that you will need to compile a new client for every target machine, and make sure that the public key is different for every client binary. This is trivial with the `link` command.
from reverse_ssh.
> This will have the limitation that you will need to compile a new client for every target machine, and make sure that the public key is different for every client binary. This is trivial with the `link` command.

I thought of a question. There seems to be a logical bug here: if we need to generate a public key for each client, does that mean that the client and the server become bound one-to-one? The public and private keys are always generated in pairs.
from reverse_ssh.
I don't understand what you mean....
from reverse_ssh.
> I don't understand what you mean....

Both the public key and the private key are generated in pairs, and each compilation will generate a pair of public key and private key, which means that the newly compiled client cannot connect to the previously compiled server.
from reverse_ssh.
The server's private key is stored in the `id_ed25519` file, this is generated on first execution of the server. This key does not change, nor is it compiled into the server.
The server maintains a list of client public keys to check if clients are allowed to connect.
I don't understand what you mean by "the newly compiled client cannot connect to the previously compiled server". You should try this, and see that the server (as long as the `authorized_controllee_keys` contains the client public key) will allow clients to connect.
The compilation only generates new client keys.
from reverse_ssh.
> The server's private key is stored in the `id_ed25519` file, this is generated on first execution of the server. This key does not change, nor is it compiled into the server. The server maintains a list of client public keys to check if clients are allowed to connect.
> I don't understand what you mean by "the newly compiled client cannot connect to the previously compiled server". You should try this, and see that the server (as long as the `authorized_controllee_keys` contains the client public key) will allow clients to connect. The compilation only generates new client keys.

Emm, as you said, it shouldn't be necessary to recompile a new client every time and just generate a new key?
from reverse_ssh.
Yes, it would be necessary to compile it each time to have a unique public private key pair for the clients. This public key is automatically added to the server's allowed list.
This doesn't affect the server at all.
For deployment this could be done easily with the `link` command.
from reverse_ssh.
> Yes, it would be necessary to compile it each time to have a unique public private key pair for the clients. This public key is automatically added to the server's allowed list.
> This doesn't affect the server at all.
> For deployment this could be done easily with the `link` command.

It's a little confusing, so maybe I'll change the question: how does the client specify where and which private key to use to connect to the server? Because when I use the client to connect to the server, it doesn't ask me to specify the key. By the way, I have tested the version you submitted about the public key hash value addition, it works, thank you very much.
from reverse_ssh.
The private key is baked into the client binary on compile time. The client then supplies the corresponding public key to the server, the server has the `authorized_keys` list to check if the client should be allowed.
from reverse_ssh.
Glad to hear you've tested the new version. This issue is now closed.
from reverse_ssh.
Thank you for your explanation, sorry for my ignorance. I don't know the principle of private key embedding. I just checked the source code again and found that it was embedded in the way of comments. Thank you so much.
from reverse_ssh.
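The key model described in the replies above (a key pair per client, a server-side list of allowed client public keys, and a client ID taken from a hash of the public key) is sketched below. This is an added example, not code from reverse_ssh; SHA-256 over the SSH wire encoding, the fixed-seed demo keys, and all function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// wireBlob: SSH wire format, a 4-byte big-endian length before each field.
func wireBlob(pub ed25519.PublicKey) []byte {
	out := append([]byte{0, 0, 0, 11}, "ssh-ed25519"...)
	out = append(out, 0, 0, 0, byte(len(pub)))
	return append(out, pub...)
}

// clientID is the hex SHA-256 of the wire blob (the hash choice is an assumption).
func clientID(blob []byte) string { return fmt.Sprintf("%x", sha256.Sum256(blob)) }

// loadAllowed maps client ID -> comment; non-Ed25519 and option-prefixed lines are skipped.
func loadAllowed(text string) map[string]string {
	allowed := map[string]string{}
	for _, line := range strings.Split(text, "\n") {
		f := strings.Fields(line)
		if len(f) >= 2 && f[0] == "ssh-ed25519" {
			if blob, err := base64.StdEncoding.DecodeString(f[1]); err == nil {
				allowed[clientID(blob)] = strings.Join(f[2:], " ")
			}
		}
	}
	return allowed
}

// constructedClient returns the ID and key line of a fixed demo key (real keys are random).
func constructedClient(b byte, comment string) (id, line string) {
	seed := append(make([]byte, ed25519.SeedSize-1), b)
	blob := wireBlob(ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey))
	return clientID(blob), "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob) + " " + comment
}

func main() {
	idA, lineA := constructedClient(1, "web01") // two hosts sharing a hostname
	idB, _ := constructedClient(2, "web01")
	allowed := loadAllowed("# constructed list\n" + lineA) // only A is listed
	for _, id := range []string{idA, idB} {
		_, ok := allowed[id]
		fmt.Printf("%s allowed=%v\n", id[:16], ok)
	}
}
```

Two clients that report the same hostname still get different IDs, and only the one whose public key is in the list is accepted.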