Mailing List Archive

Auditing/logging port forwarding
OpenSSH Version: any

From all I can gather, there is no way to log port forwarding
that is going on. This seems like a glaring omission to me.

Am I wrong?

Is there any reason not to log the port here in sshd.c:

verbose("Connection from %.500s port %d", remote_ip, remote_port);

So that the info states (note the 9999):

"Connection on port 9999 from 192.168.1.5 port 5180"

And IDEALLY:

"Connection on port 9999 (forwards to google.com:80) from
192.168.1.5 port 5180"
Re: Auditing/logging port forwarding
Anyone?

Jeff Blaine wrote:
> OpenSSH Version: any
>
> From all I can gather, there is no way to log port forwarding
> that is going on. This seems like a glaring omission to me.
>
> Am I wrong?
>
> Is there any reason not to log the port here in sshd.c:
>
> verbose("Connection from %.500s port %d", remote_ip, remote_port);
>
> So that the info states (note the 9999):
>
> "Connection on port 9999 from 192.168.1.5 port 5180"
>
> And IDEALLY:
>
> "Connection on port 9999 (forwards to google.com:80) from
> 192.168.1.5 port 5180"
>