[Bug 3515] New: PermitRemoteOpen not behaving as expected

[bugzilla-daemon at mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=3515

            Bug ID: 3515
           Summary: PermitRemoteOpen not behaving as expected
           Product: Portable OpenSSH
           Version: 9.1p1
          Hardware: amd64
                OS: Mac OS X
            Status: NEW
          Severity: security
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: georges.chaudy at grafana.com

Hello,

I am raising this as "security" because I am unsure if this is a bug or
a feature. Sorry in advance if it's not a bug.

In short, I am struggling to restrict which hosts can be reached when
using dynamic reverse forwarding. It seems that the PermitRemoteOpen
option doesn't work as expected.

The documentation mentions :
```
RemoteForward: ... When acting as a SOCKS proxy, the destination of the
connection can be restricted by PermitRemoteOpen.
```

Unrestricted works as expected
```
$ ssh -R 33000
$$ curl --socks5 localhost:33000 https://www.google.com -I
HTTP/1.1 200 OK
```

Prohibiting all forwarding requests every hosts works as expected
```
$ ssh -R 33000 -o PermitRemoteOpen none
$$ curl --socks5 localhost:33000 www.google.com -I
curl: (97) connection to proxy closed
```

Restricting access to t work
```
$ ssh -R 33000 -o PermitRemoteOpen example.com:443
$$ curl --socks5 localhost:33000 www.google.com -I
HTTP/1.1 200 OK <--- this should fail!
```

-- 
You are receiving this mail because:
You are watching the assignee of the bug.