[Bug 2711] New: Patch to add permitgwport and restrict permitopen to be a default deny
bugzilla-daemon at bugzilla.mindrot.org
Fri May 5 13:33:23 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2711
Bug ID: 2711
Summary: Patch to add permitgwport and restrict permitopen to
be a default deny
Product: Portable OpenSSH
Version: 7.2p2
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: devin.nate at qhrtech.com
Created attachment 2975
--> https://bugzilla.mindrot.org/attachment.cgi?id=2975&action=edit
Patch
This is a patch to:
1. Allow the authorized_keys file to include a new option,
permitgwport="portnum". This allows the server to control what ports an
ssh client may open using ssh -R. If there is no permitgwport, then the
client may not open any ports using ssh -R.
2. Require that the authorized_keys file has a permitopen option for each
ssh -L port forwarding the client will request. In particular, if there
are no permitopen statements, do not allow any ports to be opened
(default deny), which is different from normal sshd behaviour, which
will allow any ports to be opened if there is no permitopen option.
Thanks,
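The two rules described in the report, modelled as an added example (this is not the attached patch and not OpenSSH code): it compares stock allow-all behaviour for ssh -L with the proposed default deny, checks ssh -R against permitgwport, and lists keys that would lose local forwarding. The function names, the simplified option parsing, the exact host:port matching and the sample entries are assumptions made for illustration.

```python
import re

# End of the options field: the first key-type token (simplified; assumes no
# quoted option value contains a key-type name followed by whitespace).
KEYTYPE = re.compile(r'(?:^|\s)(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s')
OPTION = re.compile(r'(permitopen|permitgwport)="([^"]*)"')

def parse_options(line):
    """Collect permitopen / permitgwport values from one authorized_keys line."""
    m = KEYTYPE.search(line)
    opts = line[:m.start()] if m else ""
    found = {"permitopen": set(), "permitgwport": set()}
    for name, value in OPTION.findall(opts):
        found[name].add(value.lower())
    return found

def local_forward_allowed(line, host, port, default_deny):
    """ssh -L check; default_deny=False is stock sshd, True is the proposal."""
    permitted = parse_options(line)["permitopen"]
    if not permitted:
        return not default_deny  # no permitopen: allow-all vs. deny-all
    return f"{host.lower()}:{port}" in permitted  # assumed exact match

def remote_forward_allowed(line, port):
    """ssh -R check as proposed: the port must be listed in permitgwport."""
    return str(port) in parse_options(line)["permitgwport"]

def keys_losing_local_forwarding(lines):
    """Indexes of keys that rely on today's implicit allow-all for ssh -L."""
    return [i for i, l in enumerate(lines)
            if l.strip() and not l.lstrip().startswith("#")
            and not parse_options(l)["permitopen"]]

# Constructed sample entries (key material is a placeholder, not a real key).
SAMPLE = [
    'ssh-ed25519 AAAAC3constructed alice@laptop',
    'permitopen="db.internal:5432",permitgwport="8022" '
    'ssh-ed25519 AAAAC3constructed deploy',
    'permitgwport="9000" ssh-rsa AAAAB3constructed backup',
]

if __name__ == "__main__":
    for i in keys_losing_local_forwarding(SAMPLE):
        print("would lose ssh -L under default deny:", SAMPLE[i].split()[-1])
```

Running the audit function over an existing authorized_keys file before adopting a default-deny policy shows which entries need an explicit permitopen added.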