search for: permitopen

http://bugzilla.mindrot.org/show_bug.cgi?id=1267 Summary: PermitOpen - Multiple forwards don't works Product: Portable OpenSSH Version: v4.5p1 Platform: ix86 OS/Version: Cygwin on NT/2k Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: bitbucket...

https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Summary: CIDR address/masklen matching support for permitopen= Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: 23874932...

https://bugzilla.mindrot.org/show_bug.cgi?id=1949 Bug #: 1949 Summary: PermitOpen none option Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: OpenBSD Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-...

https://bugzilla.mindrot.org/show_bug.cgi?id=2347 Bug ID: 2347 Summary: permitopen doesn't work with unix domain sockets Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at min...

https://bugzilla.mindrot.org/show_bug.cgi?id=2711 Bug ID: 2711 Summary: Patch to add permitgwport and restrict permitopen to be a default deny Product: Portable OpenSSH Version: 7.2p2 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mind...

https://bugzilla.mindrot.org/show_bug.cgi?id=3123 Bug ID: 3123 Summary: PermitOpen does not allow wildcards for hosts despite what docs say Product: Portable OpenSSH Version: 7.2p2 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd...

https://bugzilla.mindrot.org/show_bug.cgi?id=2582 Bug ID: 2582 Summary: Allow PermitOpen to use a wildcard hostname with a fixed port Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:...

I've just discovered the permitopen flag. We need such a feature for our poor man's VPN services, but this flag seems to be usable only if you generate your authorized_keys file from a database or something like that: keeping a long list of host/port combinations up to date for several users and keys is no fun. As announced...

...enSSH 5.1 you introduced CIDR address/masklen matching for "Match address" blocks in sshd_config as well as supporting CIDR matching in ~/.ssh/authorized_keys from="..." restrictions in sshd. I wonder whether CIDR address/masklen matching will be implemented for permitopen="host:port" restrictions in sshd as well, that would be quite beneficially (at least for me, maybe others,too;-)? Thank you - kind regards, Bert. -- GMX Kostenlose Spiele: Einfach online spielen und Spa? haben mit Pastry Passion! http://games.entertainment.gmx.net/de/...

...one that presented the correct key). Therefore I'd like an forceremoteport option in authorized_keys so whatever remote port is specified by the client (perhaps the client just specifies 0), it uses a particular allocated port and no other. I don't particularly want to do the equivalent of permitopen, as I'd have to have each client keep up with the port allocations on the server, which is unnecessary and a pain. In my scheme the client can do ssh -N -R 80:127.0.0.1:0 host.example.com with forceremoteport=12345, which would mean that telnet 127.0.0.1 12345 on host.example.com would co...

It looks like there is good support for limiting connections on the server side when the client uses the -L flag. What about support for server side connections (listens) when the client uses the -R flag? I am looking for an equivalent to permitopen that says what ports are valid for the remote host when using the -R flag. As it sits now, an unscrupulous ssh user can bind to any port above 1024 (on a unix box) or bind to any port on a windows box. Does anybody have any ideas? I am working from the 3.0.2p1 release of the code. It seems like ch...

Hi one question about the IPv6 format in permitopen=. Is this ":::/port" used anywhere else? The only documented format for literal IPv6 addresses I found was RFC 2732 as it's used in web-browsers. They specify the address as "[:::]:port" In OpenSSH this would be matched by changing "%255[^/]/%5[0-9]&qu...

On Wed, 27 Aug 2008, Damien Miller wrote: > On Tue, 26 Aug 2008, Peter Stuge wrote: > > On Fri, Aug 22, 2008 at 11:22:34AM +0200, Bert Courtin wrote: > > > I wonder whether CIDR address/masklen matching will be implemented > > > for permitopen="host:port" restrictions in sshd as well, that would > > > be quite beneficially (at least for me, maybe others,too;-)? > > > > Maybe you can look into it yourself? I expect that there are some > > generically useful functions for CIDR in the code. > > Al...

...ents that don't support TLS, for example fetchmail. (In fact, fetchmail has built-in ssh support.) However we don't want them connecting to other places pretending to be us, or using the feature to dig around inside the system's private network, etc. etc. This patch makes the existing permitopen="host:port" authorized_keys file option available in sshd_config, enabling the administrator to make it a global restriction rather than a per-key restriction. Any comments and suggested improvements are welcome. In particular, I'm not entirely sure that I have connected the pieces u...

...tps://bugzilla.mindrot.org/show_bug.cgi?id=2711 Your patch, I see is available there too https://bugzilla.mindrot.org/show_bug.cgi?id=2716 Anyhow, just drawing attention of these 2 patches together ? they?re similar, though not identical. Ours also changes the behavior of permitopen. Your approaches looks very familiar, it felt like deja vu. Thanks, Devin

https://bugzilla.mindrot.org/show_bug.cgi?id=1513 --- Comment #27 from VP <vladimir at arobas.net> --- Ryan, have you looked at patching version 6? :) -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|2266 | --- Comment #28 from Damien Miller <djm at mindrot.org> --- OpenSSH 6.8 is approaching release

https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2360 --- Comment #29 from Damien Miller <djm at mindrot.org> --- Retarget to 6.9 -- You are

https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|2360 |2403 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You

https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2443 --- Comment #30 from Damien Miller <djm at mindrot.org> --- Retarget pending bugs to