search for: allowstreamlocalforward

...treamLocalBindUnlink=yes -o ExitOnForwardFailure=yes -o BatchMode=yes > > -nN -R /sshvpn/gateway:127.0.0.1:22 -p 52221 sshvpn at host > > > > On the server: > > > > Match User sshvpn > > ChrootDirectory /var/sshvpn/ > > AllowTCPForwarding no > > AllowStreamLocalForwarding yes > > StreamLocalBindUnlink yes > > > > Then to connect to the client: > > > > $ ssh -o ProxyCommand='socat /var/sshvpn/sshvpn/gateway' root at gateway > > > > So, it works fine the first time, when the socket does not exist. Once > > t...

....243 laddr 176.9.9.247 lport 52221 > debug1: user sshvpn matched 'User sshvpn' at line 91 > debug3: match found > debug3: reprocess config:92 setting ChrootDirectory /var/sshvpn/ > debug3: reprocess config:93 setting AllowTCPForwarding no > debug3: reprocess config:94 setting AllowStreamLocalForwarding yes > debug3: reprocess config:95 setting StreamLocalBindUnlink yes > > And, surprisingly, even having set the directive outside the Match block, > the following command still doesn't show streamlocalbindunlink set: > > sshd -T -C "user=sshvpn,host=196.209.244.243,ad...

...-o ServerAliveInterval=5 -o StrictHostKeyChecking=yes -o TCPKeepAlive=yes -o StreamLocalBindUnlink=yes -o ExitOnForwardFailure=yes -o BatchMode=yes -nN -R /sshvpn/gateway:127.0.0.1:22 -p 52221 sshvpn at host On the server: Match User sshvpn ChrootDirectory /var/sshvpn/ AllowTCPForwarding no AllowStreamLocalForwarding yes StreamLocalBindUnlink yes Then to connect to the client: $ ssh -o ProxyCommand='socat /var/sshvpn/sshvpn/gateway' root at gateway So, it works fine the first time, when the socket does not exist. Once the connection terminates, and the client attempts to log in again, it fails b...

...Assignee: unassigned-bugs at mindrot.org Reporter: calestyo at scientia.net Hi. AFAIU such options which are allowed for Match blocks are marked with "SSHCFG_ALL" in servconf.c. Going through the list, a number of the is apparently allowed but missing from sshd_config(5): AllowStreamLocalForwarding IPQoS RevokedKeys StreamLocalBindMask StreamLocalBindUnlink TrustedUserCAKeys Could you please add these? I'd have written a patch, but since all my pull requests are apparently generally ignored it's probably just a waste of time :( Cheers, Chris. -- You are receiving this mail be...

Hi! I'm experimenting with migrating the custom sshd_config settings for our (Debian bullseye, openssh-server 8.4) server environment into fragments under sshd_config.d/, and am wondering about sshd's behaviour when encountering multiple AllowGroup lines. The manual states "For each keyword, the first obtained value will be used.", so that gives me the impression that any

..._DISPLAYS; if (options->use_dns == -1) options->use_dns = 0; if (options->client_alive_interval == -1) @@ -429,7 +432,7 @@ sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink, - sAllowStreamLocalForwarding, sFingerprintHash, + sAllowStreamLocalForwarding, sFingerprintHash, sMaxDisplays, sDeprecated, sUnsupported } ServerOpCodes; @@ -572,6 +575,7 @@ { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, { "allowstreamlocalforwarding", sAllowStreamLocalForwardi...

..._files[i]); for (i = 0; i < options->num_host_cert_files; i++) @@ -417,6 +419,7 @@ typedef enum { sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink, + sStreamLocalBindRootDirectory, sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, sDeprecated, sIgnore, sUnsupported } ServerOpCodes; @@ -558,6 +561,7 @@ static struct { { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, { "stream...