Hi OpenSSH community,
The following patch cover the use cases where sshd must force/override
remote forwarding bind address.
I'm mainly using it to force a given user listening on a loopback
address. It avoids port binding conflicts
and allow me to restrict a given group or user to a specific address.
Example:
# sshd configuration file
Match User remote
GatewayPorts serverspecified
ForwardingBindAddress 127.1.0.2
As attached file you'll find the patch which improves and implements
two options in sshd_config:
* GatewayPorts: I added option "serverspecified" to list of
available values. When this option is given,
sshd will override remote port forwarding to bind on server
specified address "ForwardingBindAddress".
* ForwardingBindAddress: Defines on which address sshd must bind
when GatewayPorts = serverspecified.
The goal of this mail is (of course) to share with you the patch, but
also to get feedback about the idea
it-self and implementation as well.
Best regards,
--
Raphael Medaer
Product Development Engineer
Escaux
Escaux, the nr 1 alternative in Unified Communication
Chauss?e de Bruxelles 408, 1300 Wavre, Belgium
Direct: +3227887564
Main: +3226860900
www.escaux.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server-specified-bind-address.patch
Type: text/x-patch
Size: 5163 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20161215/3f67d036/attachment.bin>