Michael Mess
2010-Oct-26 10:35 UTC
Suggestion for -G option for remote ports to be forwarded, analogous to -g option for local ports (-L) to be forwarded.
When forwarding local ports with -L these ports can be made accessible to the local net with the -g option. For remote ports, forwarded with -R this option does not apply. It would be nice to have a -G option which does the same on the remote machine for the remote net, depending on the remote users rights. On the server site it should be configurable, on which networks/addresses the forwarded ports should be (un)available if the -G option is specified, this should default to the remote users rights: If the remote user (the user logged in on the remote site) can do a "ssh -g", the local user should be able to use the -G option. This would make sense, because a logged in remote user who can do "ssh -g" could login to itself with "ssh -g", forwarding another port, accessible by everywhere to the only local accessable port already forwarded by the ssh session created when logging in from local to remote. Cheers, Michael
Damien Miller
2010-Oct-27 05:57 UTC
Suggestion for -G option for remote ports to be forwarded, analogous to -g option for local ports (-L) to be forwarded.
search for "GatewayPorts" in man sshd_config. On Tue, 26 Oct 2010, Michael Mess wrote:> When forwarding local ports with -L these ports can be made accessible > to the local net with the -g option. > > For remote ports, forwarded with -R this option does not apply. It would > be nice to have a -G option which does the same on the remote machine > for the remote net, depending on the remote users rights. > > On the server site it should be configurable, on which > networks/addresses the forwarded ports should be (un)available if the -G > option is specified, this should default to the remote users rights: > If the remote user (the user logged in on the remote site) can do a "ssh > -g", the local user should be able to use the -G option. > This would make sense, because a logged in remote user who can do "ssh > -g" could login to itself with "ssh -g", forwarding another port, > accessible by everywhere to the only local accessable port already > forwarded by the ssh session created when logging in from local to remote. > > Cheers, > > Michael > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >
Peter Stuge
2010-Oct-28 06:56 UTC
Suggestion for -G option for remote ports to be forwarded, analogous to -g option for local ports (-L) to be forwarded.
Michael Mess wrote:> When forwarding local ports with -L these ports can be made accessible > to the local net with the -g option. > > For remote ports, forwarded with -R this option does not apply. It would > be nice to have a -G option which does the same on the remote machine > for the remote net, depending on the remote users rights.Damien Miller wrote:> search for "GatewayPorts" in man sshd_config.Also note that this is and should be a sshd setting. I don't think it's a very good idea to allow a client to specify the forwarding policy on the server. //Peter