limiting port forwarding? (do better than just 'on' or 'off'?)
sen_ml at eccosys.com
sen_ml at eccosys.com
Sat Dec 18 13:45:59 EST 1999
hello-
i would like to be able to have users access a specific set of ports
(and no others) on a machine running an ssh daemon via
ssh's port-forwarding.
i was thinking of doing this by not providing shell access (so using
an appropriate command="command" option in each user's authorized_keys
file), but i did not find an appropriate keyword for the sshd
configuration file to control which ports should be permitted to be
forwarded. i know about the AllowTcpForwarding keyword, but it does
not appear to allow the granularity of control i would like, to put
it mildly ;-)
is there currently a way to accomplish what is described above? if
not, how hard would it be to implement the ability to limit
port-forwarding of server (the one that is running the sshd being
connected to) ports to certain specific ports? further, would it be
difficult to do this on a per rsa key basis and/or per user basis?
thanks for your time.
More information about the openssh-unix-dev
mailing list