search for: permitremoteopen

Hi, Here is a patch to limit reverse port forwarding(-R) per user/key on the server. For example add: permitremoteopen="8023" ssh-dss AAAAB3NzaC1kc3MAAACBAOUE.. in user's ~/.ssh/authorized_keys server will limit -R to port 8023 only. an example of violation. ssh -v -R 8022:127.0.0.1:22 -i.ssh/id_dsa foo at 10.0.0.1 debug1: Remote: Server denied remote port forward request. debug1: remote forward...

https://bugzilla.mindrot.org/show_bug.cgi?id=2038 Priority: P5 Bug ID: 2038 Assignee: unassigned-bugs at mindrot.org Summary: permitopen functionality but for remote forwards Severity: enhancement Classification: Unclassified OS: Other Reporter: damonswirled at gmail.com Hardware: Other

...atch (no support for a servconf option "PermitListen" yet), because I wanted to get early feedback before continuing. Do you think this approach is correct? Would this be a desirable feature? Is "permitlisten" the correct name for this? Or would "permitropen", "permitremoteopen" be better suited? Best, Philipp Heckel WIP branch/pull: https://github.com/openssh/openssh-portable/pull/65 Mailing list: http://lists.mindrot.org/pipermail/openssh-unix-dev/2017-May/036000.html -- You are receiving this mail because: You are watching the assignee of the bug.

...itiating) ssh command is still running: $ ps ax | grep ssh 4712 ? Ss 0:00 /usr/bin/ssh-agent cinnamon-session-cinnamon 543871 pts/18 S+ 0:00 ssh -o ClearAllForwardings=yes -o ForwardAgent=no -o ForwardX11=no -o ForwardX11Trusted=no -o GatewayPorts=no -o PermitLocalCommand=no -o PermitRemoteOpen=none -o UpdateHostKeys=no -o BatchMode=yes foo.grid.lrz.de set -e unset -v IFS export PATH='/usr/bin:/bin' export LC_ALL='C' cd / sleep 400 p="/tmp/x509up_u$(id -u)"...

https://bugzilla.mindrot.org/show_bug.cgi?id=3480 Bug ID: 3480 Summary: tracking bug for openssh-9.1 Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Keywords: meta Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

...remote host supports " "it, a Unix domain socket path. If forwarding to a specific destination then " "remote forwarding will be established as a SOCKS proxy. When acting as a " "SOCKS proxy the destination of the connection can be restricted by E<.Cm " "PermitRemoteOpen>." Issue: user known hosts files ? users known_hosts files "If this flag is set to E<.Dq accept-new> then ssh will automatically add new " "host keys to the user known hosts files, but will not permit connections to " "hosts with changed host keys. If this...