Patch to allow gatewaying of remote forwarded ports
Lincoln Stein
lstein at cshl.org
Mon Dec 10 03:35:37 EST 2001
I was worried about that too, but the current behavior is if the server says
gatewayports "yes", then all ports are remotely accessible regardless of what
the client wants.
Lincoln
On Sunday 09 December 2001 08:42, Markus Friedl wrote:
> On Sat, Dec 08, 2001 at 12:03:45AM -0500, Lincoln Stein wrote:
> > Enclosed is a patch against the "portable" OpenSSH version 3.02p1. It
> > enables the -g switch when applied to -R (remote) forwardings. This
> > allows remote hosts to connect to forwarded ports on the sshd host.
>
> + gateway_ports = (strncmp(listen_address,"0.0.0.0",7) == 0) ||
> options.gateway_ports;
>
> this would violate the policy of the server.
>
> if the sshd_config says: gatewayports==no, then the
> socket should be bound to 127.0.0.1 only, regardless
> of what the client wants.
>
> gateway_ports = options.gateway_ports &&
> (strncmp(listen_address,"0.0.0.0",7) == 0);
>
> would be correct.
--
========================================================================
Lincoln D. Stein Cold Spring Harbor Laboratory
lstein at cshl.org Cold Spring Harbor, NY
NOW HIRING BIOINFORMATICS POSTDOCTORAL FELLOWS AND PROGRAMMERS.
PLEASE WRITE FOR DETAILS.
========================================================================
More information about the openssh-unix-dev
mailing list