I've just discovered the permitopen flag. We need such a feature for
our poor man's VPN services, but this flag seems to be usable only if
you generate your authorized_keys file from a database or something
like that: keeping a long list of host/port combinations up to date
for several users and keys is no fun.
As announced before, we have developed a far more powerful mechanism
for controlling port forwarding, see:
http://cert.uni-stuttgart.de/projects/openssh.php
(I'm currenty porting it to the most recent portable OpenSSH version.)
Why haven't you used this already existing code?
--
Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
On Mon, Aug 27, 2001 at 08:35:18PM +0200, Florian Weimer wrote:> I've just discovered the permitopen flag. We need such a feature for > our poor man's VPN services, but this flag seems to be usable only if > you generate your authorized_keys file from a database or something > like that: keeping a long list of host/port combinations up to date > for several users and keys is no fun. > > As announced before, we have developed a far more powerful mechanism > for controlling port forwarding, see: > > http://cert.uni-stuttgart.de/projects/openssh.php > > (I'm currenty porting it to the most recent portable OpenSSH version.) > > Why haven't you used this already existing code?already existing code was used.