openssh unix dev - Aug 2009 - Restrict a client port-forward to 1 port

Hi,

Is it possible to restrict a client port-forwarding to one port?
For example i want client X to open only port 1037 on server through
port-forwarding, client Y only port 1038 and so on...
How can this be possible?
I use private/public keys authentication.
Client version is openssh3.8p1, is windows client, and server version
is latest openssh on a linux machine.

Can anyone help please?

Thank you so much,
Adriana

--- On Wed, 8/12/09, Adriana Rodean <adrya1984 at gmail.com> wrote:
> Hi,
> 
> Is it possible to restrict a client port-forwarding to one
> port?
Yes, but you must force key authentication.
Then, in the authorized keys, the 2 entries should look like this:

permitopen="10.16.0.211:1037" ssh-dss
AAAAB3NzaC1k...hyHN/a7BHblrelqwejrjqw..first.client.key...etc..elrjwerwer
permitopen="10.16.0.211:1038" ssh-dss
weafasdfds..second.client.key..werwerewerwe....etc..



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

You can use a "Match" rule and limit the ports by using  
"PermitOpen".   However this is per-user and not per machine/ 
location.  So it depends on what you want.

- Ben

On Aug 12, 2009, at 11:23 AM, Adriana Rodean wrote:
> Hi,
>
> Is it possible to restrict a client port-forwarding to one port?
> For example i want client X to open only port 1037 on server through
> port-forwarding, client Y only port 1038 and so on...
> How can this be possible?
> I use private/public keys authentication.
> Client version is openssh3.8p1, is windows client, and server version
> is latest openssh on a linux machine.
>
> Can anyone help please?
>
> Thank you so much,
> Adriana
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev