similar to: [Bug 210] can't prevent port forwarding on a per-user basis

http://bugzilla.mindrot.org/show_bug.cgi?id=210 ------- Additional Comments From markus at openbsd.org 2002-04-08 22:17 ------- check this http://www.mindrot.org/~djm/ssh-keynote/ ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=210 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |1155 nThis| | Status|ASSIGNED |RESOLVED Resolution|

http://bugzilla.mindrot.org/show_bug.cgi?id=210 Summary: can't prevent port forwarding on a per-user basis Product: Portable OpenSSH Version: -current Platform: All URL: http://reactor-core.org/security/HOWTO-Anonymous-CVS- Over-SSH OS/Version: All Status: NEW Severity: normal

http://bugzilla.mindrot.org/show_bug.cgi?id=210 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=210 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #5 from dtucker at zip.com.au 2006-09-28 19:25 ------- With the release of 4.4, we believe that this bug is

Works on my netbsd tinkerbox. NetBSD 5.0.2 NetBSD 5.0.2 (GENERIC) It uses rlimit. Privsep sandbox style: rlimit I also get warnings during make. fmt_scaled.c: In function 'scan_scaled': fmt_scaled.c:84: warning: array subscript has type 'char' fmt_scaled.c:111: warning: array subscript has type 'char' fmt_scaled.c:155: warning: array subscript has type 'char'

https://bugzilla.mindrot.org/show_bug.cgi?id=2322 Bug ID: 2322 Summary: please let the server enable/disable delayed compression on a per user basis Product: Portable OpenSSH Version: 3.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

http://bugzilla.mindrot.org/show_bug.cgi?id=1103 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |1155 nThis| | Status|NEW |RESOLVED Resolution|

http://bugzilla.mindrot.org/show_bug.cgi?id=556 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From djm at mindrot.org 2003-06-04 19:54

http://bugzilla.mindrot.org/show_bug.cgi?id=43 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE ------- Additional Comments From djm at mindrot.org 2002-04-17 11:12

http://bugzilla.mindrot.org/show_bug.cgi?id=244 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From djm at mindrot.org 2003-01-07 18:04

http://bugzilla.mindrot.org/show_bug.cgi?id=904 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From djm at mindrot.org 2005-02-09

https://bugzilla.mindrot.org/show_bug.cgi?id=1857 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #6 from Damien Miller <djm at mindrot.org> --- Close all resolved bugs after 7.3p1 release

Hi, This patch (relative to -HEAD) defines an API to allow sandboxing of the pre-auth privsep child and a couple of sandbox implementations. The idea here is to heavily restrict what the network-face pre-auth process can do. This was the original intent behind dropping to a dedicated uid and chrooting to an empty directory, but even this still allows a compromised slave process to make new

http://bugzilla.mindrot.org/show_bug.cgi?id=324 Summary: privsep break KRB4 auth, KRB4 TGT forwarding and AFS token forwarding Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=463 Summary: PrintLastLog doesn't work in privsep mode Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

https://bugzilla.mindrot.org/show_bug.cgi?id=1578 Summary: Remote port forwarding with a listen port of '0' only works for root user bz #1003 Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd

Hi, Here is a patch to limit reverse port forwarding(-R) per user/key on the server. For example add: permitremoteopen="8023" ssh-dss AAAAB3NzaC1kc3MAAACBAOUE.. in user's ~/.ssh/authorized_keys server will limit -R to port 8023 only. an example of violation. ssh -v -R 8022:127.0.0.1:22 -i.ssh/id_dsa foo at 10.0.0.1 debug1: Remote: Server denied remote port forward request.

https://bugzilla.mindrot.org/show_bug.cgi?id=2222 Bug ID: 2222 Summary: GatewayPorts=no should not rewrite localhost addresses in port-forward requests Product: Portable OpenSSH Version: 6.5p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=378 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |djm at mindrot.org, |