 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On 10/12/2009 12:44 PM, Dan Kressin wrote: > Using "ssh -N" or putty's "Don't start a shell or any command at all" c= heckbox (Connection->SSH), it is possible to open an ssh connection to ho= stA for tunneling purposes even if the user's shell on hostA is set to no= login (or /bin/false, etc). As there is no shell or command running, the= se connections do not appear in the output of w or who. > > How might one detect these connections, assuming they come from a netwo= rk with other active shell-based connections? > > Platform in question is FreeBSD, but I'm interested in Linux responses = also. > > =20 This is a tunnel connection on my home system from running an X tunnel with no terminal: gaf 5384 5381 0 09:02 ? 00:00:09 sshd: gaf at notty=20 Basically, on the above question, I would simply look for anything owned by the user who has been removed although I'm not sure how ps would show the entry if there is no corresponding password entry. --=20 Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org> Boston Linux and Unix PGP key id: 537C5846 PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
