limiting port forwarding? (do better than just 'on' or 'off'?)

sen_ml at sen_ml at
Sat Dec 18 13:45:59 EST 1999


  i would like to be able to have users access a specific set of ports
(and no others) on a machine running an ssh daemon via
ssh's port-forwarding.

  i was thinking of doing this by not providing shell access (so using
an appropriate command="command" option in each user's authorized_keys
file), but i did not find an appropriate keyword for the sshd
configuration file to control which ports should be permitted to be
forwarded.  i know about the AllowTcpForwarding keyword, but it does
not appear to allow the granularity of control i would like, to put
it mildly ;-)

  is there currently a way to accomplish what is described above?  if
not, how hard would it be to implement the ability to limit
port-forwarding of server (the one that is running the sshd being
connected to) ports to certain specific ports?  further, would it be
difficult to do this on a per rsa key basis and/or per user basis?

  thanks for your time.
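
Added example, not part of the original message and not OpenSSH project code: OpenSSH's authorized_keys format has a per-key `permitopen="host:port"` option that can be combined with `command=`, `restrict` and `no-port-forwarding`. The Python script below audits key lines for forwarding that is still unrestricted. The sample lines and key material are constructed, and applying the options strictly in order is an assumption of this example.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")  # line starts with a key type: no options

def split_options(line):
    """Return the comma-separated options that precede the key type."""
    if KEY_TYPE.match(line):
        return []
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':   # escaped quote inside a value
            cur, i = cur + '"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(cur)
            cur = ""
        elif ch in " \t" and not quoted:         # end of the options field
            break
        else:
            cur += ch
        i += 1
    return opts + [cur]

def audit(line):
    """Classify one authorized_keys line by what it lets the key forward."""
    forwarding, targets, forced = True, [], None
    for opt in split_options(line.strip()):      # assumption: options apply in order
        name, _, value = opt.partition("=")
        name = name.lower()                      # option keywords are case-insensitive
        if name in ("restrict", "no-port-forwarding"):
            forwarding = False
        elif name == "port-forwarding":
            forwarding = True
        elif name == "permitopen":
            targets.append(value)
        elif name == "command":
            forced = value
    verdict = "disabled" if not forwarding else "limited" if targets else "unrestricted"
    return {"verdict": verdict, "targets": targets, "forced_command": forced}

# Constructed sample lines; the key material is a placeholder, not a real key.
SAMPLE = [
    'command="/bin/false",permitopen="localhost:5432",permitopen="localhost:8080" ssh-ed25519 AAAA_CONSTRUCTED alice',
    'ssh-rsa AAAA_CONSTRUCTED bob',
    'restrict,command="echo \\"no shell\\"" ssh-ed25519 AAAA_CONSTRUCTED carol',
    'restrict,port-forwarding,permitopen="127.0.0.1:25" ssh-ed25519 AAAA_CONSTRUCTED dave',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit(entry))
```

`permitopen` constrains only client-to-server (`ssh -L`) forwards, which is the direction the message asks about.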

