similar to: permitopen for -R connections?

Hi all: I am running pxelinux 3.72 with the corresponding menu.c32. I am setting up console access via: serial 0 38400 console 0 The rest of the config file entries should be safe enough: display pxelinux.cfg/helpfile say . Type any key for manual boot. <F1> or <Ctrl-F> 1 for help F1 pxelinux.cfg/helpfile then the usual MENU/label commands. When I use the same

Hello all: I just downloaded and built syslinux-3.74-pre11 and installed it. I set it to boot and run on the serial port/serial console and when I switch to menu mode (by typing "menu" at the boot: prompt), it works. In the older version I got the upper left corner of the dialog box drawn and that was it. So that is terrific, thanks. However when I am on the serial console and I run

Hi all: Well it looks like my declaration of having a working menu system was a tad premature. If I enter any of the submenu's using the enter key on my keyboard, it selects (and runs) the first item on the submenu. If I type ^j instead, it enters the menu and I can scroll through the options. If I type ^M, it acts like I hit the enter key and runs the first menu item. Now in my terminal

Hi ! Here's a patch to add remote port forwarding support (protocol 2) for openssh. I have tried to test that it works like it should but a more thorough testing is needed. This patch adds both client/server support. The patch should be applied to openssh-2.1.1p4 source tree. Also included is a PortForwarding sshd_config option, new ./configure option --disable-forwarding that should make it

The patch below implements a couple of features which are useful in an environment where users do not have a regular shell login. It allows you to selectively disable certain features on a system-wide level for users with a certain shell; it also allows you to control and audit TCP forwarding in more detail. Our system is an email server with a menu for the login shell; we selectively allow port

Hi, Just a usecase that I'm sure has been covered before but just in case its not an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of

http://bugzilla.mindrot.org/show_bug.cgi?id=1267 Summary: PermitOpen - Multiple forwards don't works Product: Portable OpenSSH Version: v4.5p1 Platform: ix86 OS/Version: Cygwin on NT/2k Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2711 Bug ID: 2711 Summary: Patch to add permitgwport and restrict permitopen to be a default deny Product: Portable OpenSSH Version: 7.2p2 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=2001 Bug #: 2001 Summary: Document PermitOpen none in man page Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: OpenBSD Status: NEW Severity: trivial Priority: P2 Component: Documentation

https://bugzilla.mindrot.org/show_bug.cgi?id=87 Yann Rouillard <yann at pleiades.fr.eu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |yann at pleiades.fr.eu.org Status|CLOSED |REOPENED Resolution|FIXED

https://bugzilla.mindrot.org/show_bug.cgi?id=2347 Bug ID: 2347 Summary: permitopen doesn't work with unix domain sockets Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=3123 Bug ID: 3123 Summary: PermitOpen does not allow wildcards for hosts despite what docs say Product: Portable OpenSSH Version: 7.2p2 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd

Dear openssh-unix-dev list, in OpenSSH 5.1 you introduced CIDR address/masklen matching for "Match address" blocks in sshd_config as well as supporting CIDR matching in ~/.ssh/authorized_keys from="..." restrictions in sshd. I wonder whether CIDR address/masklen matching will be implemented for permitopen="host:port" restrictions in sshd as well, that would be quite

I have an application where a lot of end user CPE devices ssh in automatically to a central server, and are authenticated by public key, to do remote (-R) port forwarding, so we can open a connection back to a particular port on the remote device whether it's behind some NAT or firewall or whatever. I want to be certain, however, that if I open port 12345, it is connected to the correct end

I've just discovered the permitopen flag. We need such a feature for our poor man's VPN services, but this flag seems to be usable only if you generate your authorized_keys file from a database or something like that: keeping a long list of host/port combinations up to date for several users and keys is no fun. As announced before, we have developed a far more powerful mechanism for

Hi one question about the IPv6 format in permitopen=. Is this ":::/port" used anywhere else? The only documented format for literal IPv6 addresses I found was RFC 2732 as it's used in web-browsers. They specify the address as "[:::]:port" In OpenSSH this would be matched by changing "%255[^/]/%5[0-9]" to "%*[[]%255[^]]%*[]]:%5[0-9]" in the

On Wed, 27 Aug 2008, Damien Miller wrote: > On Tue, 26 Aug 2008, Peter Stuge wrote: > > On Fri, Aug 22, 2008 at 11:22:34AM +0200, Bert Courtin wrote: > > > I wonder whether CIDR address/masklen matching will be implemented > > > for permitopen="host:port" restrictions in sshd as well, that would > > > be quite beneficially (at least for me, maybe

https://bugzilla.mindrot.org/show_bug.cgi?id=2582 Bug ID: 2582 Summary: Allow PermitOpen to use a wildcard hostname with a fixed port Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd

Hi, After reading the previous thread. I decided to give it a try. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543683 Here's the diff (written against openbsd -current): https://bugzilla.mindrot.org/attachment.cgi?id=2104 What I did was filling list of permitted sockets with NULL. When this list is compared against the list of connections, The local port fowardings are rejected. Any

I'd really like to get some feedback on the patch I posted to bugzilla about a month ago. https://bugzilla.mindrot.org/show_bug.cgi?id=1513#c3 This patch adds support for CIDR ranges, wildcard matches, negated matches, port ranges and makes matches for ip addresses and hostnames work interchangeably. This was done primarily by using already existing functions for from= in ssh keys.