similar to: [Bug 210] can't prevent port forwarding on a per-user basis

http://bugzilla.mindrot.org/show_bug.cgi?id=210 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From djm at mindrot.org 2003-01-07 17:52 ------- I should rewrite the keynote stuff with privsep in

http://bugzilla.mindrot.org/show_bug.cgi?id=210 Summary: can't prevent port forwarding on a per-user basis Product: Portable OpenSSH Version: -current Platform: All URL: http://reactor-core.org/security/HOWTO-Anonymous-CVS- Over-SSH OS/Version: All Status: NEW Severity: normal

http://bugzilla.mindrot.org/show_bug.cgi?id=210 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |1155 nThis| | Status|ASSIGNED |RESOLVED Resolution|

http://bugzilla.mindrot.org/show_bug.cgi?id=210 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=210 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #5 from dtucker at zip.com.au 2006-09-28 19:25 ------- With the release of 4.4, we believe that this bug is

Hi! The current version of sshd allows to restrict keys to issue only specific commands. However, port forwarding can only be forbidden entirely. Given the following situation: A client C uses S as a POP3 server. We want to poll E-Mail via POP3 from S to A via an ssh tunnel without being asked for a password. Thus, we create a passphrase-less key pair on A, transmit the public key to S and

Hi, I'd like to bring this up again as there has been discussion about 2.4.0 patches. Getting something this big in would probably delay the release too much, but something similar should be considered for 2.5 then. A lot of people would like some control over port forwarding. Florian Weimer's patches (http://cert.uni-stuttgart.de/files/openssh/) are one, rather "big"

For us "Railers" on Mac systems we all probably watched Steve Job''s keynote at the WWDC yesterday. Was it just me, or did Steve look "sick"? I mean he has lost a lot of weight and his skin was very drawn. -- Posted via http://www.ruby-forum.com/.

In DHH''s keynote, he alluded to doing logins with REST. Has anyone implemented this, and if so, would you mind elaborating on how you did it please? Thanks in advance. -- Posted via http://www.ruby-forum.com/.

Friends, After listening to Mark Summer's keynote at Astricon (hopefully soon on the Astricon web site) I think we should come back to the discussion he started. Mark talked about using Open Source in general and Asterisk in particular in third world projects as well as in emergencies in other countries. He and Inveneo help groups of people to get a better understanding of how to build

hi folks, right now im implementing a quick hack to restrict ports the server will allow to be forwarded. This is to heighten security from clients accessing a server behind a firewall and as far as I could tell this is not possible with ssh so far. I think this is a reasonable feature for a release and shouldnt be too hard to implement in a way that follows the setup already used in the

Hello, I'm trying to set up an sftp (sshfs) service accessible to users with a normal account on a server, but which would be restricted to a subset of the directory hierarchy normally accessible to the users in question, in practice a single directory. The idea would be to allow file access to this directory with a passwordless public key, but keep rest of the users file accessible only with

Hello, Chris's "keynote" at the LLVM Developers' Conference included a call for code owners, and my company has a heavy dependency on Bitcode, I propose taking ownership of: lib/Bitcode/* include/Bitcode/* This means that I'll be committed to documenting (yay) the implementation and responsible for reviewing patches and commits, as well as overall code quality and

Apologies for cross posting.... --------------------------------------------------------------------- CART Data Mining'04: First International CART(R) Conferences Focusing on the Data Mining technology of Leo Breiman, Jerome Friedman, Richard Olshen, Charles Stone (CART, MARS(R), TreeNet(tm), PRIM(tm)...) First Call For submissions

Hello, hope you can help me. I want to encode a video, which I have exported from Keynote (a program for presentation like MS Power Point) using ffmpeg2theora for html5 web delivery. The result only plays very buggy - frames are dropped, the video hangs and vlc can not output the correct length of the ogv video. Here is the source and the result for download, if you want to reproduce it: the

I''m watching the keynotes on scribestudio. I''ve found the slides for DHH''s keynote, but can''t find anything for Dave Thomas oor Martin Fowler. Are they available at all? Pat

Hello, I'm running OpenBSD 2.9 (-rOPENBSD_2_9) on i386. Remote port forwarding doesn't work. Attached are 2 logs of ssh -v -R2828:localhost:22 localhost and sshd -p 2222 -d Note that server tries to forward to Connection to port 2828 forwarding to 0.0.0.0 port 0 requested. instead of localhost port 22 as it should. what ssh, what sshd and /etc/sshd_config are also attached. Thanks

Hi, Here is a patch to limit reverse port forwarding(-R) per user/key on the server. For example add: permitremoteopen="8023" ssh-dss AAAAB3NzaC1kc3MAAACBAOUE.. in user's ~/.ssh/authorized_keys server will limit -R to port 8023 only. an example of violation. ssh -v -R 8022:127.0.0.1:22 -i.ssh/id_dsa foo at 10.0.0.1 debug1: Remote: Server denied remote port forward request.

An LLVM Performance Workshop will be held at CGO 2017. The workshop is co-located with CC, HPCA, and PPoPP. If you are interested in attending the workshop, please register at the CGO website: http://cgo.org/cgo2017/workshops.html Call for Speakers We invite speakers from academia and industry to present their work on the following list of topics (including and not limited to:) - improving

Tanya, Was there any video taken of Chris's keynote? Joe Joe Abbey Director of S/W Development Arxan Technologies, Inc. 1305 Cumberland Ave, Ste 215 West Lafayette, IN 47906 jabbey at arxan.com www.arxan.com On Jan 3, 2012, at 2:24 PM, Tanya Lattner wrote: > As some of you may have noticed, all the slides and videos have been uploaded to the website: >