我想将 /usr/bin/w 中的 FROM 字段设置为各种不同的字符串,这些字符串不是我的 sshd 对用户来自哪里的看法。这主要是因为入站 ssh 通常通过主机中继(例如端口 80 HTTP 代理或基于浏览器的 ssh 网关)进行,因此在这种情况下 w 列会给出 localhost。让它列出带有 tor 注释的入站 tor 连接也不错。
有办法做到这一点吗?(例如也许在 PAM 的某个地方?)
答案1
我检查了一些文档和代码,显然没有办法做到这一点。从 utmp字段由设置,sshd使用反向 DNS 查找来查找要使用的内容,并且sshd没有太多关于如何操作它的选项。查看选项-u以sshd了解一些相关信息(并查看在 DNS 查找不正确或不存在的情况下会失败的情况):
-u len This option is used to specify the size of the field in
the utmp structure that holds the remote host name. If
the resolved host name is longer than len, the dotted
decimal value will be used instead. This allows hosts
with very long host names that overflow this field to
still be uniquely identified. Specifying -u0 indicates
that only dotted decimal addresses should be put into
the utmp file. -u0 may also be used to prevent sshd
from making DNS requests unless the authentication mech‐
anism or configuration requires it. Authentication
mechanisms that may require DNS include
RhostsRSAAuthentication, HostbasedAuthentication, and
using a from="pattern-list" option in a key file. Con‐
figuration options that require DNS include using a
USER@HOST pattern in AllowUsers or DenyUsers.