implementing port forward restrictions

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Fri Nov 24 06:40:41 EST 2000


for -R or -L style forwarding?

these kinds of policy configurations should be implemented
with keynote (see rfc2704).

-markus

On Wed, Nov 22, 2000 at 02:14:52PM -0800, michael salmon wrote:
> hi folks,
> right now I'm implementing a quick hack to restrict ports the server will
> allow to be forwarded. This is to heighten security from clients accessing a 
> server behind a firewall and as far as I could tell this is not possible with 
> ssh so far. 
> I think this is a reasonable feature for a release and shouldn't be too hard
> to implement in a way that follows the setup already used in the config and 
> sshd handling of connections. I searched the mailing-list archives and found 
> a few small references to it but none implied it was being worked on.
> When I finish this if the list wants the diffs I'd be happy to supply them. 
> I'd like the opinion of the other developers as to a key in the sshd_config 
> that would be obvious yet not too long to define the ports, and the layout.
> I was thinking 
> HostAllowsPortsForwarded 143 2401 etc... space delimited numbers.
> 
> cheers,
> michael salmon
> 
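
Added example, not part of the original thread and not OpenSSH code: one way the space-delimited port list proposed in the quoted message could be parsed and enforced with default deny. The keyword is the name suggested in the post; the struct, function names and the 32-port limit are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define KEYWORD "HostAllowsPortsForwarded" /* name proposed in the post */
#define MAX_ALLOWED_PORTS 32               /* assumed limit for this sketch */

struct fwd_policy {
    int ports[MAX_ALLOWED_PORTS];
    int nports;
};

/* Parse one config line such as "HostAllowsPortsForwarded 143 2401".
 * Returns 0 on success, -1 on malformed input. Fails closed: on any
 * error the policy is left empty, so no port is forwardable. */
int fwd_policy_parse(struct fwd_policy *p, const char *line)
{
    const char *ws = " \t\r\n";
    size_t klen = strlen(KEYWORD);
    char *end;
    long v;

    p->nports = 0;
    line += strspn(line, ws);
    /* First token must be exactly the keyword, not a longer word. */
    if (strcspn(line, ws) != klen || strncmp(line, KEYWORD, klen) != 0)
        return -1;
    line += klen;
    for (;;) {
        line += strspn(line, ws);
        if (*line == '\0')
            break;
        errno = 0;
        v = isdigit((unsigned char)*line) ? strtol(line, &end, 10) : -1;
        /* Reject signs, trailing junk ("143x"), overflow and ports
         * outside 1..65535, and lists longer than the table. */
        if (v < 1 || v > 65535 || errno != 0 || p->nports == MAX_ALLOWED_PORTS ||
            (*end != '\0' && strchr(ws, *end) == NULL)) {
            p->nports = 0;
            return -1;
        }
        p->ports[p->nports++] = (int)v;
        line = end;
    }
    return p->nports > 0 ? 0 : -1;
}

/* Default deny: a forward request is allowed only if its port is listed. */
int fwd_policy_allows(const struct fwd_policy *p, int port)
{
    int i;
    for (i = 0; i < p->nports; i++)
        if (p->ports[i] == port)
            return 1;
    return 0;
}
```

A server would call fwd_policy_allows() with the destination port of each forwarding request before opening the channel and refuse the request on 0.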




