authorJaap Keuter <jaap.keuter@xs4all.nl>2023-02-19 13:41:24 +0000
committerGilbert Ramirez <gilbertr@gmail.com>2023-02-19 13:41:24 +0000
commit455b9a470f6de3f3606ae5a3d9299d726d257e52 (patch)
tree2a2b047ac760f2bc07133b85d76a8e4d01e1f2dc /doc
parentf6e6853dc4c876109ca74fbb14e62ab5ee532d89 (diff)
sshdump: add capability to use doas on remote host
Diffstat (limited to 'doc')
-rw-r--r--doc/sshdump.adoc78
1 files changed, 66 insertions, 12 deletions
diff --git a/doc/sshdump.adoc b/doc/sshdump.adoc
index 5165aefb91..9b86db4976 100644
--- a/doc/sshdump.adoc
+++ b/doc/sshdump.adoc
@@ -26,11 +26,17 @@ sshdump - Provide interfaces to capture from a remote host through SSH using a r
[ *--remote-port*=<TCP port> ]
[ *--remote-username*=<username> ]
[ *--remote-password*=<password> ]
-[ *--sshkey*=<public key path> ]
+[ *--sshkey*=<private key path> ]
+[ *--sshkey-passphrase*=<private key passphrase> ]
+[ *--proxycommand*=<SSH proxy command> ]
[ *--remote-interface*=<interface> ]
[ *--remote-capture-command-select*=<capture command selection> ]
[ *--remote-capture-command*=<capture command> ]
-[ *--remote-sudo* ]
+[ *--remote-priv*=<privilege elevation command selection> ]
+[ *--remote-priv-user*=<privileged user name> ]
+[ *--remote-noprom* ]
+[ *--remote-filter*=<remote capture filter> ]
+[ *--remote-count*=<number> ]
[manarg]
*sshdump*
@@ -128,6 +134,14 @@ List DLTs of specified interface.
List configuration options of specified interface.
--
+--extcap-capture-filter=<capture filter>::
++
+--
+The capture filter. It corresponds to the value provided via the *tshark -f*
+option, and the Capture Filter field next to the interfaces list in the
+Wireshark interface.
+--
+
--capture::
+
--
@@ -172,6 +186,18 @@ recommended to use keyfiles with a SSH agent.
The path to a private key for authentication. NOTE: Only OPENSSH key/value pair format is supported.
--
+--sshkey-passphrase=<SSH private key passphrase>::
++
+--
+The passphrase for the private key for authentication.
+--
+
+--proxycommand=<proxy command>::
++
+--
+The command to use as proxy for the SSH connection.
+--
+
--remote-interface=<remote interface>::
+
--
@@ -204,14 +230,33 @@ When specified, this command will be used as is, options such as the capture
filter (*--extcap-capture-filter*) will not be appended.
--
---extcap-capture-filter=<capture filter>::
+--remote-priv=<privilege elevation command selection>::
+
--
-The capture filter. It corresponds to the value provided via the *tshark -f*
+The command to use to achieve privilege elevation to capture on the remote host. Either none, sudo or doas.
+--
+
+--remote-priv-user=<privileged user name>::
++
+--
+If a command is used to achieve privilege elevation to capture on the remote host this may require a user name.
+If needed use this option to give that user name.
+--
+
+--remote-filter=<capture filter>::
++
+--
+The remote capture filter. It corresponds to the value provided via the *tshark -f*
option, and the Capture Filter field next to the interfaces list in the
Wireshark interface.
--
+--remote-count=<number>::
++
+--
+The number of packets to capture.
+--
+
== EXAMPLES
To see program arguments:
@@ -245,7 +290,7 @@ To see interface configuration options:
.Example output
arg {number=0}{call=--remote-host}{display=Remote SSH server address}{type=string}
{tooltip=The remote SSH host. It can be both an IP address or a hostname}{required=true}{group=Server}
- arg {number=1}{call=--remote-port}{display=Remote SSH server port}{type=unsigned}
+ arg {number=1}{call=--remote-port}{display=Remote SSH server port}{type=unsigned}{default=22}
{tooltip=The remote SSH host port (1-65535)}{range=1,65535}{group=Server}
arg {number=2}{call=--remote-username}{display=Remote SSH server username}{type=string}
{tooltip=The remote SSH username. If not provided, the current user will be used}{group=Authentication}
@@ -266,21 +311,26 @@ To see interface configuration options:
value {arg=8}{value=other}{display=Other:}
arg {number=9}{call=--remote-capture-command}{display=Remote capture command}{type=string}
{tooltip=The remote command used to capture}{group=Capture}
- arg {number=10}{call=--remote-sudo}{display=Use sudo on the remote machine}{type=boolflag}
- {tooltip=Prepend the capture command with sudo on the remote machine}{group=Capture}
- arg {number=11}{call=--remote-noprom}{display=No promiscuous mode}{type=boolflag}
+ arg {number=10}{call=--remote-priv}{display=Gain capture privilege on the remote machine}{type=radio}
+ {tooltip=Optionally prepend the capture command with sudo or doas on the remote machine}{group=Capture}
+ value {arg=10}{value=none}{display=none}{default=true}
+ value {arg=10}{value=sudo}{display=sudo}
+ value {arg=10}{value=doas -n}{display=doas}
+ arg {number=11}{call=--remote-priv-user}{display=Privileged user name for sudo or doas}{type=string}
+ {tooltip=User name of privileged user to execute the capture command on the remote machine}{group=Capture}
+ arg {number=12}{call=--remote-noprom}{display=No promiscuous mode}{type=boolflag}
{tooltip=Don't use promiscuous mode on the remote machine}{group=Capture}
- arg {number=12}{call=--remote-filter}{display=Remote capture filter}{type=string}
+ arg {number=13}{call=--remote-filter}{display=Remote capture filter}{type=string}
{tooltip=The remote capture filter}{default=not ((host myhost) and port 22)}{group=Capture}
- arg {number=13}{call=--remote-count}{display=Packets to capture}{type=unsigned}{default=0}
+ arg {number=14}{call=--remote-count}{display=Packets to capture}{type=unsigned}{default=0}
{tooltip=The number of remote packets to capture. (Default: inf)}{group=Capture}
- arg {number=14}{call=--log-level}{display=Set the log level}{type=selector}
+ arg {number=15}{call=--log-level}{display=Set the log level}{type=selector}
{tooltip=Set the log level}{required=false}{group=Debug}
value {arg=14}{value=message}{display=Message}{default=true}
value {arg=14}{value=info}{display=Info}
value {arg=14}{value=debug}{display=Debug}
value {arg=14}{value=noisy}{display=Noisy}
- arg {number=15}{call=--log-file}{display=Use a file for logging}{type=fileselect}
+ arg {number=16}{call=--log-file}{display=Use a file for logging}{type=fileselect}
{tooltip=Set a file where log messages are written}{required=false}{group=Debug}
@@ -292,6 +342,10 @@ To capture:
To use different capture binaries:
sshdump --extcap-interface=sshdump --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10
+ --remote-username user --remote-priv sudo --remote-capture-command-select tcpdump
+ --remote-interface eth0 --remote-noprom
+
+ sshdump --extcap-interface=sshdump --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10
--remote-capture-command='dumpcap -i eth0 -P -w -'
sshdump --extcap-interface=sshdump --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10