[Bug 1857] New: [RFE] restrict port forwarding to localhost

bugzilla-daemon at bugzilla.mindrot.org
Fri Feb 11 00:36:19 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1857

           Summary: [RFE] restrict port forwarding to localhost
           Product: Portable OpenSSH
           Version: 5.8p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: ossman at cendio.se


In a nutshell, I'd very much like to see something like GatewayPort for
PermitOpen, restricting clients to just services on the machine with
sshd.

Currently PermitOpen can only do this if you also specify a certain
port. I'd like to allow any port (it is dynamically selected), but
prevent people from using the sshd machine as a springboard to other
machines. The users will not get a shell, instead ssh is essentially a
VPN layer to get access to more insecure network services on the
machine.

Bug 1513 might be related, although the focus there is on networks
instead of ports. My use case is limited to restricting to localhost.

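
An added example, not part of the bug report and not OpenSSH code: a small audit that lists every PermitOpen target in an sshd_config that would let a client forward to something other than the sshd machine itself, which is the restriction the request is after. The sample configuration is constructed, and the `host:*` port wildcard in it is assumed to be the syntax documented in sshd_config(5) by later OpenSSH releases, not something the 5.8p1 in this report accepts.

```python
import ipaddress

# Constructed sample sshd_config, not taken from the bug report.
SAMPLE_CONFIG = """\
# global section
PermitOpen any
Match Group tunnel-only
    PermitOpen localhost:* 127.0.0.1:* [::1]:*
Match User legacy
    PermitOpen localhost:5901 10.0.0.5:3389
Match User kiosk
    PermitOpen none
"""

def split_target(target):
    """Split 'host:port' or '[IPv6]:port' into (host, port)."""
    if target.startswith("["):
        host, _, rest = target[1:].partition("]")
        return host, rest.lstrip(":")
    host, _, port = target.rpartition(":")
    return host, port

def is_loopback(host):
    """True for the literal name localhost or a loopback IP address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other host names and the '*' host wildcard

def audit_permitopen(config_text):
    """Return (scope, target) pairs that permit forwarding beyond loopback."""
    findings, scope = [], "global"
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        keyword = words[0].lower()  # sshd_config keywords are case-insensitive
        if keyword == "match":
            scope = " ".join(words[1:])
        elif keyword == "permitopen":
            for target in words[1:]:
                if target.lower() == "none":
                    continue  # forbids all forwarding, nothing to flag
                if target.lower() == "any" or not is_loopback(split_target(target)[0]):
                    findings.append((scope, target))
    return findings

if __name__ == "__main__":
    for scope, target in audit_permitopen(SAMPLE_CONFIG):
        print(f"{scope}: PermitOpen {target} reaches beyond the sshd host")
```

PermitOpen defaults to allowing any destination, so a configuration with no PermitOpen line produces no findings here and still needs review.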