implementing port forward restrictions
michael salmon
ms at speakeasy.org
Thu Nov 23 09:14:52 EST 2000
Hi folks,
Right now I'm implementing a quick hack to restrict ports the server will
allow to be forwarded. This is to heighten security from clients accessing a
server behind a firewall and as far as I could tell this is not possible with
ssh so far.
I think this is a reasonable feature for a release and shouldn't be too hard
to implement in a way that follows the setup already used in the config and
sshd handling of connections. I searched the mailing-list archives and found
a few small references to it but none implied it was being worked on.
When I finish this, if the list wants the diffs I'd be happy to supply them.
I'd like the opinion of the other developers as to a key in the sshd_config
that would be obvious yet not too long to define the ports, and the layout.
I was thinking
HostAllowsPortsForwarded 143 2401 etc... space delimited numbers.
cheers,
michael salmon
More information about the openssh-unix-dev
mailing list
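
An added example, not part of the original post and not OpenSSH code: one way a server could parse the space-delimited port list proposed in the message and check a requested forward against it. HostAllowsPortsForwarded is only the keyword suggested in the post; the struct, function names and the 64-entry limit are assumptions made for this sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

#define MAX_FWD_PORTS 64   /* assumed limit, not from the post */

/* Hypothetical holder for the ports listed after the proposed keyword. */
struct fwd_policy {
    int ports[MAX_FWD_PORTS];
    size_t count;
};

/* Parse the value part of the line, e.g. "143 2401".
 * Returns 0 on success, -1 on any malformed, out-of-range or missing
 * entry, leaving the policy empty so a bad config denies every forward. */
int parse_allowed_ports(const char *value, struct fwd_policy *p)
{
    const char *s = value;
    char *end;
    long n;

    p->count = 0;
    for (;;) {
        while (*s == ' ' || *s == '\t')
            s++;
        if (*s == '\0')
            break;
        if (*s < '0' || *s > '9')        /* rejects signs and words */
            goto bad;
        errno = 0;
        n = strtol(s, &end, 10);
        if (errno != 0 || n < 1 || n > 65535)
            goto bad;
        if (*end != '\0' && *end != ' ' && *end != '\t')
            goto bad;                    /* trailing junk such as "24x1" */
        if (p->count == MAX_FWD_PORTS)
            goto bad;
        p->ports[p->count++] = (int)n;
        s = end;
    }
    return p->count > 0 ? 0 : -1;
bad:
    p->count = 0;
    return -1;
}

/* Returns 1 if forwarding to this port is allowed, 0 otherwise. */
int port_forward_allowed(const struct fwd_policy *p, int port)
{
    for (size_t i = 0; i < p->count; i++)
        if (p->ports[i] == port)
            return 1;
    return 0;
}
```

The parser fails closed: a single bad token empties the list instead of keeping the ports parsed before it.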