[Bug 2751] New: permitopen but for -R option
bugzilla-daemon at bugzilla.mindrot.org
Fri Jul 28 23:29:57 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2751
Bug ID: 2751
Summary: permitopen but for -R option
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: biagioni84 at gmail.com
Created attachment 3024
--> https://bugzilla.mindrot.org/attachment.cgi?id=3024&action=edit
patch exported from github pull request
Restricts which ports are available for a given user on a remote server
when opening remote forwarding ports.
Use case: NAT traversal limited to a specified port for each user
on the remote server.
In the user's .ssh/authorized_keys, add permitopen="host:port" and the
user's public key. It helps mitigate a DoS in case a user's private key
is lost.
** If no permitopen is found for the user, all ports are allowed as
usual.
Useful to limit tunneling for NAT traversal to a specified port on a
per-user basis.
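An added example, not part of the bug report or the attached patch: an audit helper that lists the permitopen="host:port" restrictions on each key in an authorized_keys file and flags keys with none, which under the behaviour described above would leave all ports allowed. The function names and the sample file are constructed for illustration.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # lines starting with a key type carry no options

def split_options(line):
    """Return (options, rest) for one authorized_keys line, honouring quoted spaces."""
    line = line.strip()
    if line.startswith(KEY_PREFIXES):
        return "", line
    in_quote, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote and i + 1 < len(line):
            i += 2  # skip an escaped character inside a quoted value
            continue
        if c == '"':
            in_quote = not in_quote
        elif c.isspace() and not in_quote:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""

def permitopen_values(options):
    """Collect every permitopen value; commas inside quotes do not split options."""
    values, token, in_quote = [], "", False
    for c in options + ",":
        if c == '"':
            in_quote = not in_quote
        if c == "," and not in_quote:
            name, _, val = token.partition("=")
            if name.strip().lower() == "permitopen":
                values.append(val.strip('"'))
            token = ""
        else:
            token += c
    return values

def audit(text):
    """Map key comment -> list of permitopen values ([] means no restriction)."""
    report = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        options, rest = split_options(raw)
        fields = rest.split(None, 2)
        report[fields[2] if len(fields) > 2 else "(no comment)"] = permitopen_values(options)
    return report

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = '''# constructed sample
permitopen="localhost:2201",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOne alice@laptop
command="echo a, b",permitopen="localhost:2202",permitopen="localhost:2203" ssh-rsa AAAAB3NzaC1yc2EConstructedKeyTwo bob@desktop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyThree carol@tablet
'''
```

Keys whose list comes back empty are the ones to review before relying on per-user port limits.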