As subject: I'd like to suggest the following additions to OpenSSH to add extra logging and security features around tunneling 1) When a SSH Tunnel is set up the SSH server should log (with an appropriate LogLevel setting VERBOSE, DEBUG?) the user and the dest ip/port combination setup, to enable sensible auditing controls to be in place for forwarded connections. 2) Add a new sshd_config option to control port forwarding based based on forwarded destination IPs and ports e.g. AllowForwardingTo *:80 AllowForwardingTo 1.2.3.4:8080 AllowForwardingTo 6.7.8.9 DenyForwardingTo * 3) If possible restrict forwarding on a per group/user basis at the global configuration level, rather than on an individual basis in there authorized_keys file. Cheers Gareth