Displaying 12 results from an estimated 12 matches for "permitlisten".
2017 May 08
2
[Bug 2716] New: [PATCH] Add "permitlisten" support for -R style forward
https://bugzilla.mindrot.org/show_bug.cgi?id=2716
Bug ID: 2716
Summary: [PATCH] Add "permitlisten" support for -R style
forward
Product: Portable OpenSSH
Version: 7.5p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unass...
2020 May 05
1
[Bug 3159] New: authorized_keys: gap in port forwarding restrictions
...ns
no-port-forwarding: Forbids TCP forwarding when this key is used for
authentication.
port-forwarding: Enable port forwarding previously disabled by the
restrict option.
permitopen: Limit local port forwarding with the ssh(1) -L option such
that it may only connect to the specified host and port.
permitlisten: Limit remote port forwarding with the ssh(1) -R option
such that it may only listen on the specified host (optional) and port.
---
If you enable 'restrict' or 'no-port-forwarding', it does not matter if
you also use 'permitopen' or 'permitlisten' - all port forward...
2017 May 08
2
[PATCH] / permitgwports / permitlisten
Hi Phillipp, developers;
I likewise just submitted a patch for similar. It i buried under the thread named OpenSSH contract development / patch.
At the request of the OpenSSH dev team, I submitted our patch in the mindrot Bugzilla
https://bugzilla.mindrot.org/show_bug.cgi?id=2711
Your patch, I see is available there too
https://bugzilla.mindrot.org/show_bug.cgi?id=2716
Anyhow, just drawing
2012 Aug 29
39
[Bug 2038] New: permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Priority: P5
Bug ID: 2038
Assignee: unassigned-bugs at mindrot.org
Summary: permitopen functionality but for remote forwards
Severity: enhancement
Classification: Unclassified
OS: Other
Reporter: damonswirled at gmail.com
Hardware: Other
2018 Aug 24
0
Announce: OpenSSH 7.8 released
...-512-cert-v01 at openssh.com" to
explicitly force use of RSA/SHA2 signatures in authentication.
* sshd(8): extend the PermitUserEnvironment option to accept a
whitelist of environment variable names in addition to global
"yes" or "no" settings.
* sshd(8): add a PermitListen directive to sshd_config(5) and a
corresponding permitlisten= authorized_keys option that control
which listen addresses and port numbers may be used by remote
forwarding (ssh -R ...).
* sshd(8): add some countermeasures against timing attacks used for
account validation/enumeration....
2018 Aug 24
0
Announce: OpenSSH 7.8 released
...-512-cert-v01 at openssh.com" to
explicitly force use of RSA/SHA2 signatures in authentication.
* sshd(8): extend the PermitUserEnvironment option to accept a
whitelist of environment variable names in addition to global
"yes" or "no" settings.
* sshd(8): add a PermitListen directive to sshd_config(5) and a
corresponding permitlisten= authorized_keys option that control
which listen addresses and port numbers may be used by remote
forwarding (ssh -R ...).
* sshd(8): add some countermeasures against timing attacks used for
account validation/enumeration....
2019 Oct 09
0
Announce: OpenSSH 8.1 released
...ted for resumed download but was considered already complete.
bz#2978
* sftp(1): fix a typo and make <esc><right> move right to the
closest end of a word just like <esc><left> moves left to the
closest beginning of a word.
* sshd(8): cap the number of permitopen/permitlisten directives
allowed to appear on a single authorized_keys line.
* All: fix a number of memory leaks (one-off or on exit paths).
* Regression tests: a number of fixes and improvements, including
fixes to the interop tests, adding the ability to run most tests
on builds that disable OpenS...
2017 May 05
3
[Bug 2711] New: Patch to add permitgwport and restrict permitopen to be a default deny
https://bugzilla.mindrot.org/show_bug.cgi?id=2711
Bug ID: 2711
Summary: Patch to add permitgwport and restrict permitopen to
be a default deny
Product: Portable OpenSSH
Version: 7.2p2
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component:
2019 Oct 01
9
Call for testing: OpenSSH 8.1
...resumed download but was considered already complete.
bz#2978
* sftp(1): fix a typo and make <esc><right> move right to the
closest end of a word just like <esc><left> moves left to the
closest beginning of a word.
* sshd(8): cap the number of permiopen/permitlisten directives
allowed to appear on a single authorized_keys line.
* All: fix a number of memory leaks (one-off or on exit paths).
* Regression tests: a number of fixes and improvments, including
fixes to the interop tests, adding the ability to run most tests
on builds that disable OpenSS...
2020 Feb 11
3
Identify multiple users doing reverse port FWD with their pubkeys
Hello,
I hope it's the correct ML to get support for "advanced" ssh use
(sorry if it's not the case)
And I would be very grateful if someone could help me on this issue.
Here is my challenge :
- I have X devices (around 30) and one SSH server
- Each of them have a unique public key and create one dynamic reverse
port forwarding on the server
- All of them connect with the
2018 Aug 10
10
Call for testing: OpenSSH 7.8
...-512-cert-v01 at openssh.com" to
explicitly force use of RSA/SHA2 signatures in authentication.
* sshd(8): extend the PermitUserEnvironment option to accept a
whitelist of environment variable names in addition to global
"yes" or "no" settings.
* sshd(8): add a PermitListen directive to sshd_config(5) and a
corresponding permitlisten= authorized_keys option that control
which listen addresses and port numbers may be used by remote
forwarding (ssh -R ...).
* sshd(8): add some countermeasures against timing attacks used for
account validation/enumeration....
2020 Feb 12
2
Identify multiple users doing reverse port FWD with their pubkeys
...arameter
for each pubkey in the authorized key file and then be able to
identify which device did the established connection.
For example I try to set an environnement variable for each pubkey in
the authorized file but can't get it when doing reverse forwarding.
Then I try to have a different permitlisten port but it doesn't work
with dynamic port :(.
Can i create a tunnel for each device or execute a specific command to
identify a posteriori which device created the reverse forwarding
port?
Thanks,
Clement
>
> Whereas the *IP* of the device in question can be read on demand from
> th...