search for: allowforwardingport

...ig and authorized_keys files. I encountered it with the authorized_keys file (as it made a key unusable), and I haven't tested how the OpenSSH sshd reacts to having the unavailable flags in sshd_config: m. Options unavailable in sshd_options and authorized_keys. The AccountExpireWarningDays, AllowForwardingPort, AllowForwardingTo, AllowHosts, AllowSHosts, AllowTcpForwarding, DenyForwardingPort, DenyForwardingTo, DenyHosts, DenySHosts, DenyTcpForwarding, ForcedEmptyPasswdChange, ForcedPasswdChange, IdleTimeout, IgnoreRootRhosts, PasswordExpireWarningDays, SilentDeny, TISAuthentication, and Umask options ar...

...ard 6667 localhost:42000 where port 42000 is what ircd is listening to on the server. This works great, but my concern is a user changing this to localhost:3306 to gain access to MySQL, which is firewalled off. Reading O'Reilly's book on ssh, I see that F-Secure has a config option "AllowForwardingPort" to allow a range of ports that can be forwarded, but no mention of openssh having the same functionality. Basically, what I'd like to see in my (server-side) authorized_keys file is something like: no-pty,command="sleep 20",allowforwardingport="42000" ssh-dss [key]...