Issue 54 in shellinabox: Real IP recognition over proxy
shell...@googlecode.com
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 54 by marpiotr: Real IP recognition over proxy
http://code.google.com/p/shellinabox/issues/detail?id=54
I use shellinabox (and find it really great) through nginx, and noticed
that in logs the remote host
appears as 127.0.0.1, because the connection is proxied (the values are the
real ones when i access
it directly)
It woud be nice to have "X-Forwarded-For" or "X-Real-IP" headers read by
shellinabox, so the
remote host address would get the actual values.
Also, when using SSH service for authentication the remote address is also
localhost, but I suppose
that's an unsolvable issue. I hope I'm wrong, though.
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
shell...@googlecode.com
Comment #1 on issue 54 by ahvenas: Real IP recognition over proxy
http://code.google.com/p/shellinabox/issues/detail?id=54
I second that motion, currently you can't apply the same security rules to
shellinabox
that applies to the SSH daemon.
shell...@googlecode.com
Comment #2 on issue 54 by stanisla...@gmail.com: Real IP recognition over
proxy
http://code.google.com/p/shellinabox/issues/detail?id=54
This is big problem for me. I would like to see real addresses for SSH
sessions.
shell...@googlecode.com
Status: Accepted
Comment #3 on issue 54 by beewoo...@gmail.com: Real IP recognition over
proxy
http://code.google.com/p/shellinabox/issues/detail?id=54
Sounds like a reasonable request. Patches welcome.
shell...@googlecode.com
Comment #4 on issue 54 by kveron...@gmail.com: Real IP recognition over
proxy
http://code.google.com/p/shellinabox/issues/detail?id=54
This one has been sitting for quite sometime now... Has anybody submitted
a patch, or has been it added to a current version of Shell-in-a-box?
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
shell...@googlecode.com
Comment #5 on issue 54 by ELyn...@gmail.com: Real IP recognition over proxy
https://code.google.com/p/shellinabox/issues/detail?id=54
Any hints on where it reads the IP address in the code, been searching all
morning for the header data and can't seem to find a spot that reads
remote-addr at all.
shell...@googlecode.com
Comment #6 on issue 54 by david.c....@gmail.com: Real IP recognition over
proxy
https://code.google.com/p/shellinabox/issues/detail?id=54
5 years now... 13 visitors have 'starred' this as a request, and probably
countless others (especially those running fail2ban that can't properly
identify the connecting server ip...).
I second (or third, or 6th...) the motion.
I really like SIAB, but this would be more secure with the ability to
resolve that connecting IP through a proxy.
Thanks for listening.
shell...@googlecode.com
Comment #7 on issue 54 by luka.kra...@gmail.com: Real IP recognition over
proxy
https://code.google.com/p/shellinabox/issues/detail?id=54
Unfortanely this project is not actively maintained and Google Code will
shutdown soon. Because of this we created a fork on Github:
https://github.com/shellinabox/shellinabox
I will try to solve this issue on our fork in the near future.
As stated in first comment it would be possible to get real IP
from "X-Real-IP" or "X-Forwarded-For" HTTP header data. Than we could use
this IP with -h parameter for LOGIN service. But for SSH service, I think
that it is imposible to do that.
For general solution I was thinking that logging to file could be
implemented. Maybe user could activate this feature with command line
option for log file path. It should be also possible to rotate the file
etc...
Any thoughts? We can continue our discussion here:
https://github.com/shellinabox/shellinabox/issues/54