openssh unix dev - Feb 2003 - Limit forwarding to specific ports

Hello,

We are using the AllowUsers feature of sshd and would like to control
which users can ask for forwarding of which ports. E.g. when the
user is foo, allow him to tunnel connections to bar:5678 and baz:7654,
but no shell (or some dummy shell) and no other forwardings.

Is such feature planned for the future? Would you accept such patch
in the mainstream distribution?

I would appreciate Cc: to mail - I am not subscribed to the list.

Thanks
-- 
                                                              Stano

On Mon, Feb 17, 2003 at 02:11:58PM +0100, Stanislav Meduna
wrote:
> Is such feature planned for the future? Would you accept such patch
> in the mainstream distribution?
1) no, it's not planned. 

2) depends on patch size.

"Stanislav Meduna" <stano at meduna.org>
wrote:
>
>We are using the AllowUsers feature of sshd and would like to control
>which users can ask for forwarding of which ports. E.g. when the
>user is foo, allow him to tunnel connections to bar:5678 and baz:7654,
>but no shell (or some dummy shell) and no other forwardings.
I have a patch that is sort-of going in this direction, although it
isn't as flexible as I would like. Part of it allows you to control
which port forwardings are allowed; another part allows you to control
which features are available for users with a restricted shell. I
think the auth_restricted() hook that I added is a reasonable first
step towards proper generalization.

http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=104387691708672

Tony.
-- 
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
CAPE WRATH TO RATTRAY HEAD INCLUDING ORKNEY: SOUTH OR SOUTHEAST 5 TO 7,
PERHAPS GALE 8 LATER AROUND ORKNEY. FAIR. MODERATE OR GOOD. MODERATE SHELTERED
WATERS, OTHERWISE ROUGH PERHAPS VERY ROUGH IN EAST.