code logs -> 2024 -> Wed, 01 May 2024 | < code.20240430.log - code.20240502.log > |
--- Log opened Wed May 01 00:00:04 2024 |
00:50 | <@macdjord> | I have a Docker container running SSHD that has multiple incoming SSH connections, each from a different machine, specifically an X-ray scanner. I need to identify the connection coming from a particular scanner and terminate it. |
00:50 | <@macdjord> | - I know the serial number of the scanner whose connection I need to terminate. |
00:50 | <@macdjord> | - Using `ps -aux` I can see every incoming SSH connection as a separate process, and I can just pass the corresponding PID to `kill`. However, I have no way of identifying which process comes from which scanner. |
00:50 | <@macdjord> | - I can tell what user each SSHD process is logged in as - but that doesn't help; all the connections log in as the same user. |
00:50 | <@macdjord> | - Since every incoming connection comes from a different scanner, the source address will be different for each one. However, the source address of each machine is arbitrary; even if I could map source addresses to PIDs, I see no practical way to determine which source address corresponds with which scanner serial number. |
00:50 | <@macdjord> | - Every scanner logs in with a different auth key, and I know which key each scanner uses. If I could identify the different SSHD processes by their auth keys, that would suffice. |
00:50 | <@macdjord> | - Every scanner forwards a port on the scanner to a particular socket file on the container. Every scanner forwards to a different socket file, so if I could identify which socket file each SSHD process is connected to, that would suffice. |
00:50 | <@macdjord> | - I control both ends of these connections, so if there is some option I can set on the scanner end which will make it easier to tell them apart at the SSHD end, I can do that. |
00:50 | <@macdjord> | Any advice? |
00:52 | <@celticminstrel> | This isn't helpful, but I missed the word "X-ray" until I looked back up after getting to the end, so throughout reading that I was thinking of a digital document scanner. |
00:53 | <@celticminstrel> | I'm pretty sure there is a way to identify files that a process has open, but… I have no idea how. |
00:53 | <@celticminstrel> | But I'm just suggesting that identifying it by the socket file sounds like it could be viable. Maybe. |
00:57 | <@macdjord> | celticminstrel: That was my first thought, too. |
00:58 | <@macdjord> | `cat /proc/net/unix` will tell me which socket files are open, but not who has them open. |
00:58 | <@macdjord> | `lsof` is supposed to list which processes have which files open, but it doesn't seem to list socket files. |
02:14 | | Vornicus [Vorn@Nightstar-tai.093.243.23.IP] has quit [Connection closed] |
03:01 | <@macdjord> | Ah! Turns out `lsof` will do the job - but only if the container is run as 'privileged', otherwise it blocks reading of the necessary files in /proc |
03:05 | <@macdjord> | Now I just need to figure out exactly what capacities are required so I can enable just those... |
03:15 | <@macdjord> | Looks like `cap_add: ["SYS_PTRACE"]` is enough. |
04:44 | | Degi [Degi@Nightstar-tlvrs6.pool.telefonica.de] has quit [Ping timeout: 121 seconds] |
04:47 | | Degi [Degi@Nightstar-2mhppu.pool.telefonica.de] has joined #code |
08:28 | | himi [sjjf@Nightstar-o4k.pal.170.103.IP] has joined #code |
08:28 | | mode/#code [+o himi] by ChanServ |
09:12 | | ErikMesoy [Bruker@Nightstar-u36.h65.232.178.IP] has left #code [] |
09:19 | | ErikMesoy [Bruker@Nightstar-u36.h65.232.178.IP] has joined #code |
09:19 | | mode/#code [+o ErikMesoy] by ChanServ |
10:10 | | Vornicus [Vorn@Nightstar-8k6f0b.res.spectrum.com] has joined #code |
10:10 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
10:31 | | Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has joined #code |
16:33 | | Kimo|autojoin [Kindamoody@Nightstar-csp65i.tbcn.telia.com] has joined #code |
16:33 | | mode/#code [+o Kimo|autojoin] by ChanServ |
16:38 | | Kimo|autojoin is now known as Kindamoody |
16:45 | | Kindamoody [Kindamoody@Nightstar-csp65i.tbcn.telia.com] has quit [Ping timeout: 121 seconds] |
16:52 | | Kindamoody [Kindamoody@Nightstar-7kh12o.mobileonline.telia.com] has joined #code |
16:52 | | mode/#code [+o Kindamoody] by ChanServ |
17:29 | | Kindamoody [Kindamoody@Nightstar-7kh12o.mobileonline.telia.com] has quit [Ping timeout: 121 seconds] |
22:29 | | himi [sjjf@Nightstar-o4k.pal.170.103.IP] has quit [Ping timeout: 121 seconds] |
22:56 | | Vornicus [Vorn@Nightstar-8k6f0b.res.spectrum.com] has quit [Connection closed] |
23:34 | | Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has quit [Ping timeout: 121 seconds] |
--- Log closed Thu May 02 00:00:06 2024 |