[Bug 1857] New: [RFE] restrict port forwarding to localhost
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Feb 11 00:36:19 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1857
Summary: [RFE] restrict port forwarding to localhost
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: ossman at cendio.se
In a nutshell, I'd very much like to see something like GatewayPort for
PermitOpen, restricting clients to just services on the machine with
sshd.
Currently PermitOpen can only do this if you also specify a certain
port. I'd like to allow any port (it is dynamically selected), but
prevent people from using the sshd machine as a springboard to other
machines. The users will not get a shell, instead ssh is essentially a
VPN layer to get access to more insecure network services on the
machine.
Bug 1513 might be related, although the focus there is on networks
instead of ports. My usecase is limited to restricting to localhost.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list