bugzilla-daemon at mindrot.org
2012-Aug-29 02:05 UTC
[Bug 2038] New: permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Priority: P5
Bug ID: 2038
Assignee: unassigned-bugs at mindrot.org
Summary: permitopen functionality but for remote forwards
Severity: enhancement
Classification: Unclassified
OS: Other
Reporter: damonswirled at gmail.com
Hardware: Other
Status: NEW
Version: 6.0p1
Component: sshd
Product: Portable OpenSSH
i have a very similar use case to bug 1949 where i would like to create
a reverse ssh box using:
ssh login at box -R 2000:localhost:22
however i would like to be able to specify on the remote server what
port/s are able to be forwarded back to the client e.g. only 2000 in
this case. this might be accomplished in the same way that permitOpen
is used to limit the local forwards allowable on the server: in the
sshd_config and/or in the authorized_keys file.
in my case the remote server would be a backup machine that allows
remote backups from the field, even from behind firewalls, but trusting
the client the least amount possible. in the server configuration all
the client would be allowed to do is connect to the server and forward
a predetermined (set of) port/s back to itself, by which the server
could then initiate a remote backup.
sincerely,
proctor
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2012-Sep-07 02:11 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Some options:
1. Separate option
PermitROpen 2000 2001 2002 3000-3999
2. Reuse PermitOpen, but treat numbers without ':' as -R port numbers
PermitOpen 127.0.0.1:1234 2000 2001 2002 3000-3999
The advantage of (1) is that we can extend it to allow selection of
bind address, but (2) can't do this...
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2012-Sep-08 06:47 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #2 from proctor <damonswirled at gmail.com> --- (In reply to comment #1)> Some options: > > 1. Separate option > > PermitROpen 2000 2001 2002 3000-3999 > > 2. Reuse PermitOpen, but treat numbers without ':' as -R port numbers > > PermitOpen 127.0.0.1:1234 2000 2001 2002 3000-3999 > > The advantage of (1) is that we can extend it to allow selection of > bind address, but (2) can't do this...from my point of view either one of these solutions would be _very_ welcome. although i don't require it at this moment, i can certainly imagine scenarios where control over bind address would be valuable. are there any drawbacks to option one? sincerely, proctor -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Jan-02 15:24 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Llu?s Gili <tictacbum at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tictacbum at gmail.com
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Jan-07 13:59 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
descala at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |descala at gmail.com
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2014-May-15 07:25 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Atony Antony <antony at phenome.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |antony at phenome.org
--- Comment #3 from Atony Antony <antony at phenome.org> ---
Created attachment 2436
--> https://bugzilla.mindrot.org/attachment.cgi?id=2436&action=edit
[PATCH] 6.6p1-permitremoteopen
I have been wokring on a similar idea. See the attached patch. It works
on Linux (6.6p1). It also seems to apply on OpenBSD version 6.4,6.5.
https://github.com/antonyantony/openssh/
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Jun-19 15:03 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
james at coppermoth.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |james at coppermoth.com
--- Comment #4 from james at coppermoth.com ---
This patch seems exactly what I need (I had just posted a message to
-devs and had started to investigate writing my own patch).
I will apply and verify that it works for me (I would want to specify
the restricted port on a per-user basis)
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2014-Dec-16 00:54 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #5 from Atony Antony <antony at phenome.org> --- Created attachment 2517 --> https://bugzilla.mindrot.org/attachment.cgi?id=2517&action=edit tested on 6.7p1 and applies on cvs current too. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Dec-16 21:16 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #6 from james at coppermoth.com --- What needs to happen to get this patch into master? I have been using this and it seems a sensible, low risk addition -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-Feb-02 11:57 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Marcus Popp <mail at mpopp.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mail at mpopp.eu
--- Comment #7 from Marcus Popp <mail at mpopp.eu> ---
*** Bug 2347 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-May-11 16:13 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Martin H?cker <spamfaenger at gmx.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |spamfaenger at gmx.de
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-May-11 16:15 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Robert <rhbugs at rbu.sh> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rhbugs at rbu.sh
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-May-11 16:20 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #8 from Martin H?cker <spamfaenger at gmx.de> --- I would like to add that we identified a possible security risk by not being able to restrict the remote port forwarding. Our use case is that we want to give one customer the ability to safely (via ssh tunnel) access a service that is only accessible locally on a machine, but noticed that if we allow him to locally (-L) forward a port, he can also use ssh to bind to any other port via -R. The problem with this is that ssh by default is perfectly happy to bind to ipv6 addresses, even for ports where the ipv4 address is already bound (8080 for some web server for example). Now other more modern tools (e.g. apache) could try to connect to the newly opened ipv6 port instead of the original service, if they are configured to use symbolic names like 'localhost' I don't think this is a big risk, but certainly very unexpected for us. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Nov-18 08:14 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Peter ?strand <astrand at lysator.liu.se> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |astrand at lysator.liu.se
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jan-11 21:07 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Peter Tripp <peter at chartio.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |peter at chartio.com
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-May-04 11:57 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
github at kalvdans.no-ip.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |github at kalvdans.no-ip.org
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Oct-19 17:13 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Sascha Silbe <sascha-openssh-bugs at silbe.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sascha-openssh-bugs at silbe.o
| |rg
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Nov-03 16:22 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Jean-Noel COUERON <jn.coueron at power-lan.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jn.coueron at power-lan.com
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Nov-03 16:24 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #9 from Jean-Noel COUERON <jn.coueron at power-lan.com> --- Please add this feature that's exactly what i need. sincerely Jean-Noel -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Dec-27 18:36 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
ernst at rohlicek.at changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ernst at rohlicek.at
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Dec-27 18:40 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #10 from ernst at rohlicek.at --- This would also be highly beneficial for the local setup here. PermitOpen supports local portforward restrictions, but remote PFs cannot be restricted in vanialla OpenSSH at the moment. Please incorporate patch for restricting *remote* port forwards as well. Currently have to do this the clunky way using SELinux or similar to restrict which users may listen on which ports. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jun-23 15:57 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
rgm <ssh.rgm at spamgourmet.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ssh.rgm at spamgourmet.com
--- Comment #11 from rgm <ssh.rgm at spamgourmet.com> ---
I'd love this functionality, please consider for inclusion in OpenSSH
7.6. Is there something different or additional you'd like to see in
the patch before you'll include it?
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jun-23 16:31 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #12 from ernst at rohlicek.at --- Greetings, I can also only re-affirm the usefulness of such a restriction possibility. Primary concern here is restriction on which listen ports the client can bind to. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Sep-19 11:16 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #13 from Atony Antony <antony at phenome.org> --- Created attachment 3054 --> https://bugzilla.mindrot.org/attachment.cgi?id=3054&action=edit 7.5p1 permitremoteopen patch up request to update the here is one for 7.5p1 If you need a patch for CentOS 7.3+ drop me a line. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Jan-31 21:11 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #14 from bygon_wiggle <cody.edwards at hpe.com> --- Are there plans to merge the patch (https://github.com/antonyantony/openssh/) back into openssh? I did not find a open or closed pull request with this patch in https://github.com/openssh/openssh-portable -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Feb-01 13:13 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #15 from ernst at rohlicek.at --- Not sure why the maintainers let a security-enhancing small patch rot here for several years. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Feb-01 14:39 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #16 from Martin H?cker <spamfaenger at gmx.de> --- Maybe they need all he energy they have to move to a better integrated issue tracker and code hosting service that also tracks pull requests as a first class object? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Mar-21 18:30 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
bolt at dhampir.no changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bolt at dhampir.no
--- Comment #17 from bolt at dhampir.no ---
*** Bug 2842 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Mar-21 18:31 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #18 from bolt at dhampir.no --- I have this exact same use case in the duped bug. Please integrate? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Mar-22 18:24 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
william.martin at power-lan.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |william.martin at power-lan.co
| |m
--- Comment #19 from william.martin at power-lan.com ---
I have the same request too. Can you merge the patch ?
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-13 02:05 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
ms.huan.zhao at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ms.huan.zhao at gmail.com
--- Comment #20 from ms.huan.zhao at gmail.com ---
Sadly to see almost 6 years past without final decision. But I'm still
looking forwarding to having the feature to close the security loophole
in my case.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-May-22 00:11 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2436|0 |1
is obsolete| |
Attachment #2517|0 |1
is obsolete| |
Attachment #3054|0 |1
is obsolete| |
Status|NEW |ASSIGNED
Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
--- Comment #21 from Damien Miller <djm at mindrot.org> ---
Created attachment 3152
--> https://bugzilla.mindrot.org/attachment.cgi?id=3152&action=edit
PermitRemoteOpen directive
This is an implementation of PermitRemoteOpen, including regress tests
and a small refactoring of the permitopen permissions to enable more
sharing of code.
TODO: authorized_keys permitremoteopen, PermitRemoteOpen="123" (i.e.
bare port number), manual pages.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-May-22 10:15 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #22 from Atony Antony <antony at phenome.org> --- Created attachment 3153 --> https://bugzilla.mindrot.org/attachment.cgi?id=3153&action=edit parse authorized_keys option permitremoteopen="port" this is great. my first attempt to add parsing authrorized_keys permitremote="port"option. It is also updated at https://github.com/antonyantony/openssh thanks. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-May-22 11:44 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #23 from Atony Antony <antony at phenome.org> --- I just found out that my patch incomplete. it need more work. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-May-25 03:34 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |biagioni84 at gmail.com
--- Comment #24 from Damien Miller <djm at mindrot.org> ---
*** Bug 2751 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Jun-06 18:37 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Blocks| |2852
Resolution|--- |FIXED
--- Comment #25 from Damien Miller <djm at mindrot.org> ---
I've committed a variant of the patch that names the directive
PermitListen and added a permitlisten directive for authorized_keys.
This will be in the OpenSSH 7.8 release, due within the next few
months.
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Jun-07 06:16 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038 --- Comment #26 from Martin H?cker <spamfaenger at gmx.de> --- ?? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Jun-19 03:03 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
--- Comment #27 from Damien Miller <djm at mindrot.org> ---
... and I just added support for bare port numbers in
permitlisten/PermitListen:
commit 80e199d6175904152aafc5c297096c3e18297691 (HEAD -> master)
Author: djm at openbsd.org <djm at openbsd.org>
Date: Tue Jun 19 03:02:17 2018 +0000
upstream: test PermitListen with bare port numbers
OpenBSD-Regress-ID: 4b50a02dfb0ccaca08247f3877c444126ba901b3
commit 87ddd676da0f3abd08b778b12b53b91b670dc93c
Author: djm at openbsd.org <djm at openbsd.org>
Date: Tue Jun 19 02:59:41 2018 +0000
upstream: allow bare port numbers to appear in PermitListen
directives,
e.g.
PermitListen 2222 8080
is equivalent to:
PermitListen *:2222 *:8080
Some bonus manpage improvements, mostly from markus@
"looks fine" markus@
OpenBSD-Commit-ID: 6546b0cc5aab7f53d65ad0a348ca0ae591d6dd24
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-Mar-04 20:33 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Taylor R <taytrho at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |taytrho at gmail.com
--- Comment #28 from Taylor R <taytrho at gmail.com> ---
Now if only -R0 would pull from these ports specified in PermitListen.
PermitListen is halfway to what I'm looking to do. Attempting to brush
up on my C enough to craft a solution in the source files.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 04:58 UTC
[Bug 2038] permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #29 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Apparently Analagous Threads
- [Bug 2716] New: [PATCH] Add "permitlisten" support for -R style forward
- [Bug 2711] New: Patch to add permitgwport and restrict permitopen to be a default deny
- Reverse tunnel security settings
- [PATCH] / permitgwports / permitlisten
- [Bug 3159] New: authorized_keys: gap in port forwarding restrictions