[Info-vax] SSH footprint

VAXman- at SendSpamHere.ORG VAXman- at SendSpamHere.ORG
Tue Oct 27 13:25:46 EDT 2009


In article <hc6rpa$o00$1 at gwdu112.gwdg.de>, Joseph Huber <joseph.huber at NOSPAM.web.de> writes:
>  VAXman-  @SendSpamHere.ORG wrote:
>
>> 
>> SSH under TCPIP Services I presume?
>> 
>> Look in the JOB logical table.  If the terminal is a pseudo-terminal
>> and the JOB table logicals look like:
>> 
>>   "SYS$REM_ID" = "SSH_13579BDF"
>>   "SYS$REM_NODE" = "remotehostname.remotedomainname.tld::"
>>   "SYS$REM_NODE_FULLNAME" = "remotehostname.remotedomainname.tld::"
>> 
>> I would say you might just have an SSH login.
>
>Apparently it depends on the source of the SSH connections:
> if the source of the ssh login is VMS with TCPIP services, then the real
>VMS user name appears in SYS$REM_ID, no sign of SSH.
> if login from other systems (in my case RH Linux), then yes, SSH_hexid is
>there.
>Probably TCPIP services SSH is doing some (private ?) protocol to get the
>remote user name.

Well, if it's TCPIP Services SSH, the FTA device's LOCKID will contain the
internal PID of the TCPIP$SSH_BGxxx process.  I'll leave, as an exercise
for the reader, the details of converting from the IPID to the EPID as a
means of determining whether or not this is an SSH process FTA. ;)

-- 
VAXman- A Bored Certified VMS Kernel Mode Hacker    VAXman(at)TMESIS(dot)ORG

  http://www.quirkfactory.com/popart/asskey/eqn2.png
  
  "Well my son, life is like a beanstalk, isn't it?"
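
The checks discussed in this thread, as an added DCL example (not part of the original message and not TCPIP Services code). It assumes it is run from the session being examined; the symbol names are illustrative, and the LOCKID is only displayed because the IPID-to-EPID conversion is not attempted here.

```dcl
$! Added example: heuristic test for an SSH login under TCPIP Services.
$! Run it in the session you want to classify.
$!
$ term     = F$GETJPI("","TERMINAL")              ! e.g. FTA12: (empty if none)
$ rem_id   = F$TRNLNM("SYS$REM_ID","LNM$JOB")     ! empty if not defined
$ rem_node = F$TRNLNM("SYS$REM_NODE","LNM$JOB")
$!
$! Step 1: the session must be on a pseudo-terminal (FTA device).
$ IF F$EXTRACT(0,3,term) .NES. "FTA"
$ THEN
$   WRITE SYS$OUTPUT "Terminal ''term' is not an FTA device; not SSH by this test."
$   EXIT
$ ENDIF
$!
$! Step 2: SYS$REM_ID of the form SSH_hexid marks an SSH login.
$ IF F$EXTRACT(0,4,rem_id) .EQS. "SSH_"
$ THEN
$   WRITE SYS$OUTPUT "Likely SSH login: SYS$REM_ID=''rem_id' SYS$REM_NODE=''rem_node'"
$   EXIT
$ ENDIF
$!
$! Step 3: per the quoted reply, an SSH login from another VMS system with
$! TCPIP Services shows the remote VMS user name in SYS$REM_ID instead, so
$! this case is inconclusive. Show the FTA device's LOCKID, which per the
$! post holds the internal PID of the TCPIP$SSH_BGxxx process.
$ lockid = F$GETDVI(term,"LOCKID")
$ WRITE SYS$OUTPUT "Inconclusive: SYS$REM_ID=''rem_id' SYS$REM_NODE=''rem_node'"
$ WRITE SYS$OUTPUT F$FAO("!AS LOCKID (hex) = !XL", term, lockid)
$ EXIT
```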


