bugzilla-daemon at bugzilla.mindrot.org
2017-May-05 03:33 UTC
[Bug 2711] New: Patch to add permitgwport and restrict permitopen to be a default deny
https://bugzilla.mindrot.org/show_bug.cgi?id=2711

            Bug ID: 2711
           Summary: Patch to add permitgwport and restrict permitopen to be a default deny
           Product: Portable OpenSSH
           Version: 7.2p2
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: devin.nate at qhrtech.com

Created attachment 2975
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2975&action=edit
Patch

This is a patch to:

1. Allow the authorized_keys file to include a new option, permitgwport="portnum". This allows the server to control what ports a ssh client may open using ssh -R. If there is no permitgwport, then the client may not open any ports using ssh -R.

2. Require that authorized_keys file has a permitopen option for each ssh -L port forwarding the client will request. In particular, if there are no permitopen statements, do not allow any ports to be opened (default deny), which is different from normal sshd behaviour which will allow any ports be opened if there is no permitopen option.

Thanks,

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-May-05 03:34 UTC
[Bug 2711] Patch to add permitgwport and restrict permitopen to be a default deny
https://bugzilla.mindrot.org/show_bug.cgi?id=2711

Devin Nate <devin.nate at qhrtech.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2975|0                           |1
        is obsolete|                            |

--- Comment #1 from Devin Nate <devin.nate at qhrtech.com> ---
Created attachment 2976
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2976&action=edit
Patch
bugzilla-daemon at bugzilla.mindrot.org
2018-Dec-07 04:29 UTC
[Bug 2711] Patch to add permitgwport and restrict permitopen to be a default deny
https://bugzilla.mindrot.org/show_bug.cgi?id=2711

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org
         Resolution|---                         |FIXED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
We added PermitListen to openssh-7.8 that works similarly
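
An added example (not part of the bug report, its patch, or OpenSSH) that audits an authorized_keys file for the gap the report describes: keys with no permitopen or permitlisten list, for which stock sshd allows any forward. It assumes the documented key options restrict, port-forwarding, no-port-forwarding, permitopen and permitlisten, reads only the key file (sshd_config limits are not considered), and the sample keys are constructed.

```python
import re

KEYTYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-)")       # line opens with a key type: no options
FIELD = re.compile(r'(?:[^\s"]|"(?:\\"|[^"])*")+')    # options field; quotes may hold spaces
OPTION = re.compile(r'(?:[^,"]|"(?:\\"|[^"])*")+')    # one option; quotes may hold commas

def split_options(line):
    """Return the options of one authorized_keys line, values still quoted."""
    line = line.strip()
    m = None if KEYTYPE.match(line) else FIELD.match(line)
    return OPTION.findall(m.group(0)) if m else []

def forwarding_policy(line):
    """Per direction (-L local, -R remote): 'denied', 'any', or the permitted list."""
    enabled, allow = True, {"permitopen": [], "permitlisten": []}
    for opt in split_options(line):            # options take effect in order
        name, _, value = opt.partition("=")
        name = name.lower()
        if name in ("restrict", "no-port-forwarding"):
            enabled = False
        elif name == "port-forwarding":        # re-enables forwarding after restrict
            enabled = True
        elif name in allow:
            allow[name].append(value.strip('"'))
    if not enabled:
        return {"local": "denied", "remote": "denied"}
    # An empty list means no restriction was given: stock sshd then allows anything.
    return {"local": allow["permitopen"] or "any", "remote": allow["permitlisten"] or "any"}

def audit(text):
    """Return [(line_no, policy)] for keys that leave -L or -R unrestricted."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        policy = forwarding_policy(line)
        if "any" in policy.values():
            findings.append((n, policy))
    return findings

SAMPLE = '''\
# constructed sample; key blobs are placeholders
ssh-ed25519 AAAAC3Example1 alice@laptop
permitopen="db.internal:5432" ssh-ed25519 AAAAC3Example2 bob@ci
permitopen="db.internal:5432",permitlisten="localhost:8080" ssh-ed25519 AAAAC3Example3 carol@ops
restrict,command="/usr/bin/backup" ssh-ed25519 AAAAC3Example4 backup@host
restrict,port-forwarding,permitlisten="2222" ssh-rsa AAAAB3Example5 tunnel@edge
'''
```

Running `audit(SAMPLE)` reports lines 2, 3 and 6: the key on line 3 limits -L but not -R, and the key on line 6 limits -R but not -L.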
bugzilla-daemon at mindrot.org
2021-Apr-23 05:00 UTC
[Bug 2711] Patch to add permitgwport and restrict permitopen to be a default deny
https://bugzilla.mindrot.org/show_bug.cgi?id=2711

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release