Displaying 20 results from an estimated 7000 matches similar to: "[Bug 1857] New: [RFE] restrict port forwarding to localhost"
2008 Aug 27
18
[Bug 1513] New: CIDR address/masklen matching support for permitopen=
https://bugzilla.mindrot.org/show_bug.cgi?id=1513
           Summary: CIDR address/masklen matching support for permitopen=
           Product: Portable OpenSSH
           Version: 5.1p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
       
2016 Aug 02
0
[Bug 1857] [RFE] restrict port forwarding to localhost
https://bugzilla.mindrot.org/show_bug.cgi?id=1857
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release
2009 Jun 12
2
Restrict port forwarding on server
Hi,
Is there a way to restrict port forwarding on the server?
I want only port 8080 on the server to be available to clients.
Example: when I give this command, clients should be able to connect:
ssh -L 30300:localhost:8080 ....
When I give this, for example, clients should not be able to connect:
ssh -L 30300:localhost:4040 ....
I tried this option in config file of server:
PermitOpen
2002 Aug 13
1
[PATCH] global port forwarding restriction
Here's another patch for people providing ssh access to restricted
environments.
We allow our users to use port forwarding when logging into our mail
servers so that they can use it to fetch mail over an encrypted channel
using clients that don't support TLS, for example fetchmail.  (In fact,
fetchmail has built-in ssh support.) However we don't want them connecting
to other places
2018 Mar 26
23
[Bug 2846] New: PermitOpen rule in sshd_config is not case insensitive
https://bugzilla.mindrot.org/show_bug.cgi?id=2846
            Bug ID: 2846
           Summary: PermitOpen rule in sshd_config is not case insensitive
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs
2010 Jul 18
20
[Bug 1800] New: PermitUserEnvironment accepting pattern of allowed userenv variables
https://bugzilla.mindrot.org/show_bug.cgi?id=1800
           Summary: PermitUserEnvironment accepting pattern of allowed
                    userenv variables
           Product: Portable OpenSSH
           Version: 5.5p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo:
2006 Dec 05
3
[Bug 1267] PermitOpen - Multiple forwards don't works
http://bugzilla.mindrot.org/show_bug.cgi?id=1267
           Summary: PermitOpen - Multiple forwards don't works
           Product: Portable OpenSSH
           Version: v4.5p1
          Platform: ix86
        OS/Version: Cygwin on NT/2k
            Status: NEW
          Severity: security
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
       
2007 Dec 12
58
[Bug 1402] New: [RFE] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402
           Summary: [RFE] Support auditing through Linux Audit subsystem
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Keywords: patch
          Severity: normal
          Priority: P2
         Component: sshd
   
2009 Aug 12
2
Restrict a client port-forward to 1 port
Hi,
Is it possible to restrict a client port-forwarding to one port?
For example, I want client X to open only port 1037 on server through
port-forwarding, client Y only port 1038 and so on...
How can this be possible?
I use private/public keys authentication.
Client version is openssh3.8p1, is windows client, and server version
is latest openssh on a linux machine.
Can anyone help please?
Thank
2020 May 05
1
[Bug 3159] New: authorized_keys: gap in port forwarding restrictions
https://bugzilla.mindrot.org/show_bug.cgi?id=3159
            Bug ID: 3159
           Summary: authorized_keys: gap in port forwarding restrictions
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs
2011 Nov 06
13
[Bug 1949] New: PermitOpen none option
https://bugzilla.mindrot.org/show_bug.cgi?id=1949
             Bug #: 1949
           Summary: PermitOpen none option
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.9p1
          Platform: All
        OS/Version: OpenBSD
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo:
2010 Nov 04
8
[Bug 1833] New: incorrect completion of quoted directory
https://bugzilla.mindrot.org/show_bug.cgi?id=1833
           Summary: incorrect completion of quoted directory
           Product: Portable OpenSSH
           Version: 5.6p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: sftp
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: djm at
2017 May 05
3
[Bug 2711] New: Patch to add permitgwport and restrict permitopen to be a default deny
https://bugzilla.mindrot.org/show_bug.cgi?id=2711
            Bug ID: 2711
           Summary: Patch to add permitgwport and restrict permitopen to
                    be a default deny
           Product: Portable OpenSSH
           Version: 7.2p2
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component:
2023 Nov 12
1
Match Principal enhancement
AFAIK everything you described here could be done using the
AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These
can emit authorized_keys options (inc. permitopen) as well as the allowed
keys/principals.
On Sun, 12 Nov 2023, Bret Giddings wrote:
> Hi OpenSSH devs,
> 
> I'm wondering if the following has any merit and can be done securely ...
> 
> If you could
2011 Feb 24
7
[Bug 1870] New: Do not show VisualHostKey unless attached to a terminal
https://bugzilla.mindrot.org/show_bug.cgi?id=1870
           Summary: Do not show VisualHostKey unless attached to a
                    terminal
           Product: Portable OpenSSH
           Version: 5.5p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at
2008 Dec 02
12
[Bug 1542] New: Send echo on/off flag to SSH_ASKPASS
https://bugzilla.mindrot.org/show_bug.cgi?id=1542
           Summary: Send echo on/off flag to SSH_ASKPASS
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: t8m at
2023 Nov 12
1
Match Principal enhancement
Hi OpenSSH devs,
I'm wondering if the following has any merit and can be done securely ...
If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like
/etc/ssh/authorized_keys/sshfwd:
cert-authority,principals="batcha-fwd,batchb-fwd" ...
/etc/ssh/sshd_config containing:
Match User sshfwd
    PubkeyAuthentication            yes
 
2008 Aug 22
1
CIDR address/masklen matching support for permitopen="host:port" restrictions?
Dear openssh-unix-dev list,
in OpenSSH 5.1 you introduced CIDR address/masklen matching for "Match address" blocks in sshd_config as well as supporting CIDR matching in ~/.ssh/authorized_keys from="..." restrictions in sshd.
I wonder whether CIDR address/masklen matching will be implemented for permitopen="host:port" restrictions in sshd as well, that would be quite
2010 Jul 15
13
[Bug 1798] New: Add fsync() support to sftp/sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1798
           Summary: Add fsync() support to sftp/sftp-server
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sftp-server
        AssignedTo: unassigned-bugs at mindrot.org
       
2009 Jan 30
12
[Bug 1552] New: Patch to log tunnel information
https://bugzilla.mindrot.org/show_bug.cgi?id=1552
           Summary: Patch to log tunnel information
           Product: Portable OpenSSH
           Version: 5.1p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: jblaine at