Antony Antony
2014-Jun-19 18:17 UTC
[PATCH] permitremoteopen - to limit remote port forwarding per user
Hi,

Here is a patch to limit reverse port forwarding (-R) per user/key on the server.

For example, add:

    permitremoteopen="8023" ssh-dss AAAAB3NzaC1kc3MAAACBAOUE..

in user's ~/.ssh/authorized_keys and the server will limit -R to port 8023 only.

An example of a violation:

    ssh -v -R 8022:127.0.0.1:22 -i.ssh/id_dsa foo@10.0.0.1
    debug1: Remote: Server denied remote port forward request.
    debug1: remote forward failure for: listen 8022, connect 127.0.0.1:22
    Warning: remote port forwarding failed for listen port 8022

and

    ssh -v -R 8023:127.0.0.1:22 -i.ssh/id_dsa foo@10.0.0.1

will forward the port.

The patch should work on 6.6p1, 6.5p1, 6.4p1 and 6.6

regards,
-antony

-------------- next part --------------
A non-text attachment was scrubbed...
Name: permitremoteopen.patch
Type: text/x-diff
Size: 13776 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140619/b37e81c6/attachment-0001.bin>
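Added example, not part of the original post or the attached patch: a small audit helper that reads authorized_keys lines and reports, per key, whether a given -R listen port would be accepted under the behaviour the post describes. The function names, the exact-match rule for the option value, and the sample keys are assumptions made for illustration; the patch itself was not inspected.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options

def parse_line(line):
    """Return (options, keytype) for one authorized_keys line, None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_PREFIXES):
        return {}, line.split()[0]
    # The options field is comma-separated and ends at the first whitespace
    # outside double quotes; \" inside a quoted value is a literal quote.
    opts, cur, in_q, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_q and line[i + 1:i + 2] == '"':
            cur += '"'
            i += 2
            continue
        if c == '"':
            in_q = not in_q
        elif c == "," and not in_q:
            opts.append(cur)
            cur = ""
        elif c.isspace() and not in_q:
            break
        else:
            cur += c
        i += 1
    opts.append(cur)
    options = {}
    for opt in opts:
        name, _, value = opt.partition("=")
        options.setdefault(name.lower(), []).append(value)
    rest = line[i:].split()
    return options, (rest[0] if rest else "")

def remote_forward_allowed(options, listen_port):
    """Assumed model: without permitremoteopen the option imposes no limit;
    with it, only a listen port equal to a listed value is accepted."""
    allowed = options.get("permitremoteopen")
    return True if allowed is None else str(listen_port) in allowed

def audit(text, listen_port):
    """List (keytype, allowed) for every key line in an authorized_keys text."""
    parsed = (parse_line(l) for l in text.splitlines())
    return [(p[1], remote_forward_allowed(p[0], listen_port)) for p in parsed if p is not None]

# Constructed sample; key material is truncated placeholder text.
SAMPLE = '''# constructed sample
permitremoteopen="8023" ssh-dss AAAAB3NzaC1kc3MAAACBAOUE foo
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB bar
command="echo a, b",permitremoteopen="8023" ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB baz
'''
```

Running `audit(SAMPLE, 8022)` shows which keys would still be able to open listen port 8022, which is the unrestricted case an administrator reviewing key files would want to find.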