search for: permitopen

Displaying 20 results from an estimated 115 matches for "permitopen".

2006 Dec 05
3
[Bug 1267] PermitOpen - Multiple forwards don't works
http://bugzilla.mindrot.org/show_bug.cgi?id=1267 Summary: PermitOpen - Multiple forwards don't works Product: Portable OpenSSH Version: v4.5p1 Platform: ix86 OS/Version: Cygwin on NT/2k Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: bitbucket...
2008 Aug 27
18
[Bug 1513] New: CIDR address/masklen matching support for permitopen=
https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Summary: CIDR address/masklen matching support for permitopen= Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: 23874932...
2011 Nov 06
13
[Bug 1949] New: PermitOpen none option
https://bugzilla.mindrot.org/show_bug.cgi?id=1949 Bug #: 1949 Summary: PermitOpen none option Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: OpenBSD Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-...
2015 Feb 01
3
[Bug 2347] New: permitopen doesn't work with unix domain sockets
https://bugzilla.mindrot.org/show_bug.cgi?id=2347 Bug ID: 2347 Summary: permitopen doesn't work with unix domain sockets Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at min...
2017 May 05
2
[Bug 2711] New: Patch to add permitgwport and restrict permitopen to be a default deny
https://bugzilla.mindrot.org/show_bug.cgi?id=2711 Bug ID: 2711 Summary: Patch to add permitgwport and restrict permitopen to be a default deny Product: Portable OpenSSH Version: 7.2p2 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mind...
2020 Feb 19
1
[Bug 3123] New: PermitOpen does not allow wildcards for hosts despite what docs say
https://bugzilla.mindrot.org/show_bug.cgi?id=3123 Bug ID: 3123 Summary: PermitOpen does not allow wildcards for hosts despite what docs say Product: Portable OpenSSH Version: 7.2p2 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd...
2016 Jun 05
5
[Bug 2582] New: Allow PermitOpen to use a wildcard hostname with a fixed port
https://bugzilla.mindrot.org/show_bug.cgi?id=2582 Bug ID: 2582 Summary: Allow PermitOpen to use a wildcard hostname with a fixed port Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:...
2001 Aug 27
1
permitopen flag in authorized_keys file
I've just discovered the permitopen flag. We need such a feature for our poor man's VPN services, but this flag seems to be usable only if you generate your authorized_keys file from a database or something like that: keeping a long list of host/port combinations up to date for several users and keys is no fun. As announced...
2008 Aug 22
1
CIDR address/masklen matching support for permitopen="host:port" restrictions?
...enSSH 5.1 you introduced CIDR address/masklen matching for "Match address" blocks in sshd_config as well as supporting CIDR matching in ~/.ssh/authorized_keys from="..." restrictions in sshd. I wonder whether CIDR address/masklen matching will be implemented for permitopen="host:port" restrictions in sshd as well, that would be quite beneficially (at least for me, maybe others,too;-)? Thank you - kind regards, Bert. -- GMX Kostenlose Spiele: Einfach online spielen und Spa? haben mit Pastry Passion! http://games.entertainment.gmx.net/de/...
2011 Sep 30
0
openssh remote port forwarding and permitopen
...one that presented the correct key). Therefore I'd like an forceremoteport option in authorized_keys so whatever remote port is specified by the client (perhaps the client just specifies 0), it uses a particular allocated port and no other. I don't particularly want to do the equivalent of permitopen, as I'd have to have each client keep up with the port allocations on the server, which is unnecessary and a pain. In my scheme the client can do ssh -N -R 80:127.0.0.1:0 host.example.com with forceremoteport=12345, which would mean that telnet 127.0.0.1 12345 on host.example.com would co...
2001 Dec 05
1
permitopen for -R connections?
It looks like there is good support for limiting connections on the server side when the client uses the -L flag. What about support for server side connections (listens) when the client uses the -R flag? I am looking for an equivalent to permitopen that says what ports are valid for the remote host when using the -R flag. As it sits now, an unscrupulous ssh user can bind to any port above 1024 (on a unix box) or bind to any port on a windows box. Does anybody have any ideas? I am working from the 3.0.2p1 release of the code. It seems like ch...
2004 Apr 02
0
permitopen= IPv6 format
Hi one question about the IPv6 format in permitopen=. Is this ":::/port" used anywhere else? The only documented format for literal IPv6 addresses I found was RFC 2732 as it's used in web-browsers. They specify the address as "[:::]:port" In OpenSSH this would be matched by changing "%255[^/]/%5[0-9]&qu...
2008 Aug 27
0
CIDR address/masklen matching support for permitopen="host:port"
On Wed, 27 Aug 2008, Damien Miller wrote: > On Tue, 26 Aug 2008, Peter Stuge wrote: > > On Fri, Aug 22, 2008 at 11:22:34AM +0200, Bert Courtin wrote: > > > I wonder whether CIDR address/masklen matching will be implemented > > > for permitopen="host:port" restrictions in sshd as well, that would > > > be quite beneficially (at least for me, maybe others,too;-)? > > > > Maybe you can look into it yourself? I expect that there are some > > generically useful functions for CIDR in the code. > > Al...
2002 Aug 13
1
[PATCH] global port forwarding restriction
...ents that don't support TLS, for example fetchmail. (In fact, fetchmail has built-in ssh support.) However we don't want them connecting to other places pretending to be us, or using the feature to dig around inside the system's private network, etc. etc. This patch makes the existing permitopen="host:port" authorized_keys file option available in sshd_config, enabling the administrator to make it a global restriction rather than a per-key restriction. Any comments and suggested improvements are welcome. In particular, I'm not entirely sure that I have connected the pieces u...
2017 May 08
2
[PATCH] / permitgwports / permitlisten
...tps://bugzilla.mindrot.org/show_bug.cgi?id=2711 Your patch, I see is available there too https://bugzilla.mindrot.org/show_bug.cgi?id=2716 Anyhow, just drawing attention of these 2 patches together ? they?re similar, though not identical. Ours also changes the behavior of permitopen. Your approaches looks very familiar, it felt like deja vu. Thanks, Devin
2014 Nov 25
0
[Bug 1513] CIDR address/masklen matching support for permitopen=
https://bugzilla.mindrot.org/show_bug.cgi?id=1513 --- Comment #27 from VP <vladimir at arobas.net> --- Ryan, have you looked at patching version 6? :) -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
2015 Mar 02
0
[Bug 1513] CIDR address/masklen matching support for permitopen=
https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|2266 | --- Comment #28 from Damien Miller <djm at mindrot.org> --- OpenSSH 6.8 is approaching release
2015 Mar 02
0
[Bug 1513] CIDR address/masklen matching support for permitopen=
https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2360 --- Comment #29 from Damien Miller <djm at mindrot.org> --- Retarget to 6.9 -- You are
2015 May 25
0
[Bug 1513] CIDR address/masklen matching support for permitopen=
https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|2360 |2403 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You
2015 Aug 11
0
[Bug 1513] CIDR address/masklen matching support for permitopen=
https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2443 --- Comment #30 from Damien Miller <djm at mindrot.org> --- Retarget pending bugs to