search for: permitopen

http://bugzilla.mindrot.org/show_bug.cgi?id=1267 Summary: PermitOpen - Multiple forwards don't works Product: Portable OpenSSH Version: v4.5p1 Platform: ix86 OS/Version: Cygwin on NT/2k Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: bitbucket at mind...

https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Summary: CIDR address/masklen matching support for permitopen= Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: 238749328749...

https://bugzilla.mindrot.org/show_bug.cgi?id=2711 Bug ID: 2711 Summary: Patch to add permitgwport and restrict permitopen to be a default deny Product: Portable OpenSSH Version: 7.2p2 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mind...

https://bugzilla.mindrot.org/show_bug.cgi?id=2001 Bug #: 2001 Summary: Document PermitOpen none in man page Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: OpenBSD Status: NEW Severity: trivial Priority: P2 Component: Documentation AssignedTo: un...

https://bugzilla.mindrot.org/show_bug.cgi?id=1949 Bug #: 1949 Summary: PermitOpen none option Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: OpenBSD Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-bugs...

https://bugzilla.mindrot.org/show_bug.cgi?id=2347 Bug ID: 2347 Summary: permitopen doesn't work with unix domain sockets Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at min...

https://bugzilla.mindrot.org/show_bug.cgi?id=3123 Bug ID: 3123 Summary: PermitOpen does not allow wildcards for hosts despite what docs say Product: Portable OpenSSH Version: 7.2p2 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd...

https://bugzilla.mindrot.org/show_bug.cgi?id=2582 Bug ID: 2582 Summary: Allow PermitOpen to use a wildcard hostname with a fixed port Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:...

I've just discovered the permitopen flag. We need such a feature for our poor man's VPN services, but this flag seems to be usable only if you generate your authorized_keys file from a database or something like that: keeping a long list of host/port combinations up to date for several users and keys is no fun. As announced bef...

...dev list, in OpenSSH 5.1 you introduced CIDR address/masklen matching for "Match address" blocks in sshd_config as well as supporting CIDR matching in ~/.ssh/authorized_keys from="..." restrictions in sshd. I wonder whether CIDR address/masklen matching will be implemented for permitopen="host:port" restrictions in sshd as well, that would be quite beneficially (at least for me, maybe others,too;-)? Thank you - kind regards, Bert. -- GMX Kostenlose Spiele: Einfach online spielen und Spa? haben mit Pastry Passion! http://games.entertainment.gmx.net/de/entertainment/ga...

...one that presented the correct key). Therefore I'd like an forceremoteport option in authorized_keys so whatever remote port is specified by the client (perhaps the client just specifies 0), it uses a particular allocated port and no other. I don't particularly want to do the equivalent of permitopen, as I'd have to have each client keep up with the port allocations on the server, which is unnecessary and a pain. In my scheme the client can do ssh -N -R 80:127.0.0.1:0 host.example.com with forceremoteport=12345, which would mean that telnet 127.0.0.1 12345 on host.example.com would co...

It looks like there is good support for limiting connections on the server side when the client uses the -L flag. What about support for server side connections (listens) when the client uses the -R flag? I am looking for an equivalent to permitopen that says what ports are valid for the remote host when using the -R flag. As it sits now, an unscrupulous ssh user can bind to any port above 1024 (on a unix box) or bind to any port on a windows box. Does anybody have any ideas? I am working from the 3.0.2p1 release of the code. It seems like ch...

Hi one question about the IPv6 format in permitopen=. Is this ":::/port" used anywhere else? The only documented format for literal IPv6 addresses I found was RFC 2732 as it's used in web-browsers. They specify the address as "[:::]:port" In OpenSSH this would be matched by changing "%255[^/]/%5[0-9]" to &quot...

On Wed, 27 Aug 2008, Damien Miller wrote: > On Tue, 26 Aug 2008, Peter Stuge wrote: > > On Fri, Aug 22, 2008 at 11:22:34AM +0200, Bert Courtin wrote: > > > I wonder whether CIDR address/masklen matching will be implemented > > > for permitopen="host:port" restrictions in sshd as well, that would > > > be quite beneficially (at least for me, maybe others,too;-)? > > > > Maybe you can look into it yourself? I expect that there are some > > generically useful functions for CIDR in the code. > > Al...

AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I?m wondering if the following has any merit and can be done securely ... > > If you could match on principals in the sshd_config, then (for example) on a gateway machine, y...

...the mindrot Bugzilla https://bugzilla.mindrot.org/show_bug.cgi?id=2711 Your patch, I see is available there too https://bugzilla.mindrot.org/show_bug.cgi?id=2716 Anyhow, just drawing attention of these 2 patches together ? they?re similar, though not identical. Ours also changes the behavior of permitopen. Your approaches looks very familiar, it felt like deja vu. Thanks, Devin

https://bugzilla.mindrot.org/show_bug.cgi?id=1513 --- Comment #27 from VP <vladimir at arobas.net> --- Ryan, have you looked at patching version 6? :) -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|2266 | --- Comment #28 from Damien Miller <djm at mindrot.org> --- OpenSSH 6.8 is approaching release and closed for

https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2360 --- Comment #29 from Damien Miller <djm at mindrot.org> --- Retarget to 6.9 -- You are receiving this

https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|2360 |2403 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching