[Bug 1949] New: PermitOpen none option
bugzilla-daemon at bugzilla.mindrot.org
Sun Nov 6 19:51:23 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1949
Bug #: 1949
Summary: PermitOpen none option
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: OpenBSD
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: loganaden at gmail.com
Created attachment 2104
--> https://bugzilla.mindrot.org/attachment.cgi?id=2104
permitopen_none option diff
From the Debian bug tracker:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543683
Package: openssh-server
Version: 1:5.1p1-7
Severity: wishlist
I'm trying to set up a reverse SSH box (i.e. one where people stuck
behind NAT can SSH in and initiate a tunnel back to their machine).
They use it something like this:
ssh login@box -R 2000:localhost:22
I'm trying to lock this down as far as possible - in particular I'd
like to disable AllowTcpForwarding, however if I do this it prevents
both local _and_ remote tunnels.
Leaving AllowTcpForwarding open and setting "PermitOpen
127.0.0.1:65535" gets close - all the reverse tunnels work, but the
only local tunnel that will work is "ssh login@box -L
xxxx:localhost:65535".
I'd like to use "PermitOpen none" (or just blank) however sshd doesn't
allow this (just checked the source code).
Thanks,
Adrian
--
Email: adrian at smop.co.uk -*- GPG key available on public key servers
Debian GNU/Linux - the maintainable distribution -*- www.debian.org
I thought I'd give it a try.
I added a new function that populates the list of allowed sockets
with NULL, and also added the permitopen none option.
Any feedback on how to improve the code would be nice :-)
//Logan
C-x-C-c
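
The configurations discussed in the report, run through a small audit for a host that should accept reverse tunnels and nothing else. This is an added example, not part of the original message and not OpenSSH code: the function names and sample configurations are constructed, and `PermitOpen none` is the value requested in this bug, which the report says sshd does not accept.

```python
# Added example, not OpenSSH code. Simplifications: global directives only
# (no Match blocks) and the first occurrence of a keyword is the one used.

def parse(config_text):
    """Map each lowercased keyword to the arguments of its first occurrence."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        seen.setdefault(keyword.lower(), args)
    return seen

def forwarding_policy(config_text):
    """Return whether -R is allowed and which -L destinations remain open."""
    cfg = parse(config_text)
    tcp = (cfg.get("allowtcpforwarding") or ["yes"])[0].lower() == "yes"
    opens = cfg.get("permitopen") or ["any"]
    flag = [o.lower() for o in opens]
    if not tcp or flag == ["none"]:   # "none" is the value proposed in this bug
        local = []
    elif flag == ["any"]:
        local = ["any"]
    else:
        local = opens
    return {"remote": tcp, "local": local}

def audit_reverse_only(config_text):
    """List findings for a host meant to accept reverse tunnels and nothing else."""
    policy = forwarding_policy(config_text)
    findings = []
    if not policy["remote"]:
        findings.append("remote (-R) forwarding disabled: reverse tunnels fail")
    if policy["local"] == ["any"]:
        findings.append("local (-L) forwarding open to any destination")
    elif policy["local"]:
        findings.append("local (-L) forwarding still open to: " + ", ".join(policy["local"]))
    return findings

# Constructed sample configurations, one per case discussed in the report.
SAMPLES = {
    "forwarding off": "AllowTcpForwarding no\n",
    "defaults": "# nothing set\n",
    "sentinel": "AllowTcpForwarding yes\nPermitOpen 127.0.0.1:65535\n",
    "proposed none": "AllowTcpForwarding yes\nPermitOpen none\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit_reverse_only(text) or 'ok'}")
```

Only the last sample comes back with no findings; the sentinel workaround is still reported because one local destination stays open.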