[Bug 3515] New: PermitRemoteOpen not behaving as expected

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Dec 31 02:42:43 AEDT 2022


            Bug ID: 3515
           Summary: PermitRemoteOpen not behaving as expected
           Product: Portable OpenSSH
           Version: 9.1p1
          Hardware: amd64
                OS: Mac OS X
            Status: NEW
          Severity: security
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: georges.chaudy at grafana.com


I am raising this as "security" because I am unsure if this is a bug or
a feature. Sorry in advance if it's not a bug.

In short, I am struggling to restrict which hosts can be reached when
using dynamic reverse forwarding. It seems that the PermitRemoteOpen
option doesn't work as expected.

The documentation mentions:
RemoteForward: ... When acting as a SOCKS proxy, the destination of the
connection can be restricted by PermitRemoteOpen.

Unrestricted works as expected
$ ssh -R 33000
$$ curl --socks5 localhost:33000 https://www.google.com -I
HTTP/1.1 200 OK

Prohibiting all forwarding requests to every host works as expected
$ ssh -R 33000 -o PermitRemoteOpen none
$$ curl --socks5 localhost:33000 www.google.com -I
curl: (97) connection to proxy closed

Restricting access doesn't work
$ ssh -R 33000 -o PermitRemoteOpen example.com:443
$$ curl --socks5 localhost:33000 www.google.com -I
HTTP/1.1 200 OK <--- this should fail!
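The check the report expects, as an added example written for this page (it is not OpenSSH's code and does not claim to show what ssh(1) actually does): a model of applying a PermitRemoteOpen value to the destination carried in a SOCKS5 CONNECT request that arrives over a reverse dynamic forward. The rule syntax follows ssh_config(5) ("any", "none", or space-separated host:port entries with '*' as a wildcard for host or port); the function names and the constructed requests are mine.

```python
# Added example for this bug report (not OpenSSH's own code): a model of the
# check a client should apply when a SOCKS5 CONNECT arrives over a reverse
# dynamic forward (ssh -R port) and PermitRemoteOpen is set. Rule syntax
# follows ssh_config(5): "any", "none", or space-separated host:port entries
# where '*' may stand for the host or the port. Function names are assumed.
import socket
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def parse_permit_remote_open(spec):
    """Parse a PermitRemoteOpen value into a rule list.

    Returns None for "any" (unrestricted), [] for "none" (deny all), and
    otherwise a list of (host, port) tuples with '*' kept as a wildcard.
    """
    spec = spec.strip()
    if spec == "any":
        return None
    if spec == "none":
        return []
    rules = []
    for entry in spec.split():
        host, sep, port = entry.rpartition(":")  # rpartition copes with [v6]:port
        if not sep or not host:
            raise ValueError("bad PermitRemoteOpen entry: %r" % entry)
        if port != "*" and not (port.isdigit() and 0 < int(port) < 65536):
            raise ValueError("bad port in PermitRemoteOpen entry: %r" % entry)
        rules.append((host.strip("[]").lower(), port))
    return rules


def is_permitted(rules, host, port):
    """Exact host match (or '*') and exact port match (or '*'), per ssh_config(5)."""
    if rules is None:
        return True
    host = host.lower()
    for rule_host, rule_port in rules:
        if rule_host in ("*", host) and rule_port in ("*", str(port)):
            return True
    return False


def parse_socks5_connect(req):
    """Extract (host, port) from a SOCKS5 CONNECT request (RFC 1928 section 4)."""
    if len(req) < 4 or req[0] != SOCKS_VERSION or req[1] != CMD_CONNECT or req[2] != 0:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == ATYP_IPV4:
        end = 8
    elif atyp == ATYP_DOMAIN:
        end = 5 + req[4] if len(req) > 4 else 5
    elif atyp == ATYP_IPV6:
        end = 20
    else:
        raise ValueError("unsupported SOCKS5 address type %d" % atyp)
    if len(req) < end + 2:
        raise ValueError("truncated SOCKS5 request")
    if atyp == ATYP_IPV4:
        host = socket.inet_ntop(socket.AF_INET, bytes(req[4:8]))
    elif atyp == ATYP_DOMAIN:
        host = req[5:end].decode("ascii")
    else:
        host = socket.inet_ntop(socket.AF_INET6, bytes(req[4:20]))
    port = struct.unpack("!H", req[end:end + 2])[0]
    return host, port


def socks5_connect_request(host, port):
    """Build a CONNECT the way a name-passing client (curl --socks5-hostname) does:
    address type 3 with a length-prefixed domain name. Constructed test input."""
    name = host.encode("ascii")
    header = struct.pack("!BBBBB", SOCKS_VERSION, CMD_CONNECT, 0, ATYP_DOMAIN, len(name))
    return header + name + struct.pack("!H", port)


def decide(permit_remote_open, req):
    """True if the CONNECT in `req` is allowed under the PermitRemoteOpen value."""
    host, port = parse_socks5_connect(req)
    return is_permitted(parse_permit_remote_open(permit_remote_open), host, port)


if __name__ == "__main__":
    # Constructed requests reproducing the three cases in the report:
    # "any" -> allow, "none" -> reject, "example.com:443" -> reject.
    req = socks5_connect_request("www.google.com", 443)
    for value in ("any", "none", "example.com:443"):
        verdict = "allow" if decide(value, req) else "reject"
        print("PermitRemoteOpen %-16s -> %s" % (value, verdict))
```

One caveat worth keeping in mind when reproducing the report: with `--socks5` curl resolves the name locally and sends an IPv4 literal (address type 1), whereas `--socks5-hostname` sends the domain name (address type 3). Any check of this kind can only compare against the destination the SOCKS client presents, so a hostname rule such as `example.com:443` will not match a request that carries the resolved address.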
