Selectively allowing port forwards
Damien Miller
djm at mindrot.org
Tue Apr 4 14:10:25 EST 2000
On Mon, 3 Apr 2000, Marc Haber wrote:
> Hi!
>
> The current version of sshd allows restricting keys to issue only
> specific commands. However, port forwarding can only be forbidden
> entirely.
>
> Given the following situation: A client C uses S as a POP3 server. We
> want to poll E-Mail via POP3 from S to A via an ssh tunnel without
> being asked for a password. Thus, we create a passphrase-less key pair
> on A, transmit the public key to S and insert it into
> ~account/.ssh/authorized_keys. The only command allowed is "sleep" to keep
> the connection open while the poll is going through via a forwarded
> port.
>
> That way, one taking possession of the private key can "only" use S for
> arbitrary port forwards and does not have shell access to S.
>
> I feel it would be desirable to restrict a key to "only do port
> forwards to localhost:110". Would it be possible to have something
> like that implemented in a future release?
I have been toying with the idea of implementing Keynote[1] policies
as a substitute for authorized_keys.
Keynote is nice because it solves the delegation problem well, but I
couldn't figure out a way to cleanly support forced commands and port
forward restrictions with the current Keynote language.
-d
[1] http://www.cis.upenn.edu/~angelos/keynote.html
--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
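As an added example (not code from this thread or from OpenSSH itself): later OpenSSH releases express exactly the restriction Marc asks for through authorized_keys options. The script below places the forced-command-only entry from his scenario beside a hardened one that uses `restrict` plus `permitopen`, and then audits a constructed authorized_keys file for entries whose key can still open forwards to arbitrary destinations. It assumes a modern sshd (OpenSSH 7.2 or later for `restrict`; `permitopen` is older), and the key material, host names and `sleep` command are placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenSSH itself.
# Shows how a modern sshd authorized_keys entry can confine the key from
# Marc's scenario to one forward target, plus a small audit over a file.
# Assumes OpenSSH >= 7.2 (for "restrict"; "permitopen" is older). Key
# material, host names and the "sleep" command are placeholders.

# Entry as described in the thread: a forced command only. The key still
# allows local forwards to any host:port reachable from S.
WEAK_ENTRY='command="sleep 3600" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER pop-poller@A'

# Hardened entry: "restrict" disables pty, agent/X11/port forwarding and
# user rc; "permitopen" re-enables exactly one local-forward destination.
HARD_ENTRY='restrict,permitopen="localhost:110",command="sleep 3600" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER pop-poller@A'

# The client on A would then run (assumed invocation, not executed here):
#   ssh -i pop_key -N -L 1110:localhost:110 account@S
# and a -L to any other destination is refused by sshd.

# Print the option list of an authorized_keys line (text before the key
# type). Quoted option values may contain spaces, so split on the first
# field that looks like a key type instead of on the first space.
key_options() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-|sk-)/) break
        out = ""
        for (j = 1; j < i; j++) out = out (j > 1 ? " " : "") $j
        print out
    }'
}

# Exit 0 if the entry lets the key open forwards to arbitrary destinations,
# i.e. none of "restrict", "no-port-forwarding" or a "permitopen" limit is set.
allows_arbitrary_forwards() {
    opts=$(key_options "$1")
    case ",$opts," in
        *,restrict,*|*,no-port-forwarding,*) return 1 ;;
    esac
    case "$opts" in
        *permitopen=*) return 1 ;;
    esac
    return 0
}

# Report every entry in a file that still allows arbitrary forwards.
# Exit 0 when the file is clean, 1 otherwise. Blank and comment lines are skipped.
audit_authorized_keys() {
    found=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        if allows_arbitrary_forwards "$line"; then
            printf 'unrestricted forwarding: %s\n' "$line"
            found=1
        fi
    done < "$1"
    return $found
}

# Demo on a constructed file containing both entries above.
demo_file=$(mktemp)
printf '%s\n' '# constructed sample authorized_keys' "$WEAK_ENTRY" "$HARD_ENTRY" > "$demo_file"
audit_authorized_keys "$demo_file" || echo 'audit: at least one key needs permitopen or restrict'
rm -f "$demo_file"
```

The audit deliberately treats a bare `permitopen` as sufficient, since sshd then limits local forwards to the listed destinations even without `restrict`; `restrict` is still the safer starting point because it also turns off agent forwarding, X11 and pty allocation for a key that only needs to keep a tunnel open.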