bugzilla-daemon at bugzilla.mindrot.org
2018-Mar-21 14:22 UTC
[Bug 2842] New: PermitListen, like PermitOpen but for -R (remote port forwarding)
https://bugzilla.mindrot.org/show_bug.cgi?id=2842 Bug ID: 2842 Summary: PermitListen, like PermitOpen but for -R (remote port forwarding) Product: Portable OpenSSH Version: 7.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: bolt at dhampir.no I made a setup where several road warriors (varying IP's) connect to home base and forward one port each to their local SSH ports, i.e: "ssh rw1002 at homebase -n -N -R 5002:localhost:22" "ssh rw1003 at homebase -n -N -R 5003:localhost:22" I can not find an option to restrict user rw1002 from forwarding port 5003, or for that matter stealing port 1080 or 8080 or whatever else local services might be configured to use if they're not running at the time. Several important things use ports >=1024 these days. PermitOpen restricts destinations for forwarding with -L I'm missing a similar option for -R Example: Match User rw1002 PermitListen 5002 Match User rw1003 PermitListen 0.0.0.0:5003 Match User rw1004 PermitListen localhost:5004 Similarly, having the option to do this in authorized_keys files would, I think, be awesome. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Mar-21 15:06 UTC
[Bug 2842] PermitListen, like PermitOpen but for -R (remote port forwarding)
https://bugzilla.mindrot.org/show_bug.cgi?id=2842 bolt at dhampir.no changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bolt at dhampir.no -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Mar-21 15:46 UTC
[Bug 2842] PermitListen, like PermitOpen but for -R (remote port forwarding)
https://bugzilla.mindrot.org/show_bug.cgi?id=2842 Jakub Jelen <jjelen at redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jjelen at redhat.com --- Comment #1 from Jakub Jelen <jjelen at redhat.com> --- Isn't this solved by the patch proposed in the bug #2038 ? -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Mar-21 18:30 UTC
[Bug 2842] PermitListen, like PermitOpen but for -R (remote port forwarding)
https://bugzilla.mindrot.org/show_bug.cgi?id=2842 bolt at dhampir.no changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Status|NEW |RESOLVED --- Comment #2 from bolt at dhampir.no --- It does indeed seem like that would take care of this issue. My search-fu needs more practice, it would seem. Thanks. *** This bug has been marked as a duplicate of bug 2038 *** -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 04:59 UTC
[Bug 2842] PermitListen, like PermitOpen but for -R (remote port forwarding)
https://bugzilla.mindrot.org/show_bug.cgi?id=2842 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #3 from Damien Miller <djm at mindrot.org> --- closing resolved bugs as of 8.6p1 release -- You are receiving this mail because: You are watching the assignee of the bug.