bugzilla-daemon at bugzilla.mindrot.org
2011-Feb-10 13:36 UTC
[Bug 1857] New: [RFE] restrict port forwarding to localhost
https://bugzilla.mindrot.org/show_bug.cgi?id=1857

           Summary: [RFE] restrict port forwarding to localhost
           Product: Portable OpenSSH
           Version: 5.8p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: ossman at cendio.se

In a nutshell, I'd very much like to see something like GatewayPort for PermitOpen, restricting clients to just services on the machine with sshd.

Currently PermitOpen can only do this if you also specify a certain port. I'd like to allow any port (it is dynamically selected), but prevent people from using the sshd machine as a springboard to other machines.

The users will not get a shell; instead ssh is essentially a VPN layer to get access to more insecure network services on the machine.

Bug 1513 might be related, although the focus there is on networks instead of ports. My use case is limited to restricting to localhost.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Feb-15 04:24 UTC
[Bug 1857] [RFE] restrict port forwarding to localhost
https://bugzilla.mindrot.org/show_bug.cgi?id=1857

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2011-02-15 15:24:33 EST ---
Created attachment 1997
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1997
Add port wildcard to permitopen ("permitopen localhost:*")
bugzilla-daemon at bugzilla.mindrot.org
2011-Feb-15 04:25 UTC
[Bug 1857] [RFE] restrict port forwarding to localhost
https://bugzilla.mindrot.org/show_bug.cgi?id=1857

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au
             Blocks|                            |1845
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:34 UTC
[Bug 1857] [RFE] restrict port forwarding to localhost
https://bugzilla.mindrot.org/show_bug.cgi?id=1857

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1930

--- Comment #2 from Damien Miller <djm at mindrot.org> 2011-09-06 10:34:20 EST ---
Retarget unresolved bugs/features to 6.0 release
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:36 UTC
[Bug 1857] [RFE] restrict port forwarding to localhost
https://bugzilla.mindrot.org/show_bug.cgi?id=1857

--- Comment #3 from Damien Miller <djm at mindrot.org> 2011-09-06 10:36:32 EST ---
Retarget unresolved bugs/features to 6.0 release
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:39 UTC
[Bug 1857] [RFE] restrict port forwarding to localhost
https://bugzilla.mindrot.org/show_bug.cgi?id=1857

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|1845                        |

--- Comment #4 from Damien Miller <djm at mindrot.org> 2011-09-06 10:39:08 EST ---
Retarget unresolved bugs/features to 6.0 release (try again - bugzilla's "change several" isn't)
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-23 00:23 UTC
[Bug 1857] [RFE] restrict port forwarding to localhost
https://bugzilla.mindrot.org/show_bug.cgi?id=1857

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #5 from Darren Tucker <dtucker at zip.com.au> 2011-09-23 10:23:22 EST ---
This has been added and will be in the 6.0 release. Thanks.
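
An added configuration example, not part of the bug report or of attachment 1997: an sshd_config fragment that applies the port wildcard from comment #1 to the reporter's use case. The group name tunnel-only and the fixed ports in the commented-out "before" form are constructed for illustration.

```conf
# Added example; "tunnel-only" is a hypothetical group name.

# Before: every permitted destination had to name a port, so services
# on dynamically selected ports could not be covered.
# (ports 5901/5902 are constructed sample values)
#Match Group tunnel-only
#    PermitOpen localhost:5901 localhost:5902

# After: any port, but only on the machine running sshd.
Match Group tunnel-only
    AllowTcpForwarding yes
    # Port wildcard as described in comment #1 ("permitopen localhost:*").
    # The host part is compared with the name the client requests, so a
    # client asking for 127.0.0.1 is refused unless 127.0.0.1:* is
    # listed here as well.
    PermitOpen localhost:*
    # Forwarding features this use case does not need.
    X11Forwarding no
    AllowAgentForwarding no
```

After editing, `sshd -t` checks the file for syntax errors before the daemon is reloaded.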