ServerSide ACLs for -L type port forwarding

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Tue Jun 26 14:59:00 EST 2001


sshd(8)

     permitopen="host:port"
             Limit local ``ssh -L'' port forwarding such that it may only con-
             nect to the specified host and port. Multiple permitopen options
             may be applied separated by commas. No pattern matching is per-
             formed on the specified hostnames, they must be literal domains
             or addresses.


On Mon, Jun 25, 2001 at 11:49:45AM -0700, Reza Naima wrote:
> I have a need to add some server-side ACL functionality to the way ssh
> handles port forwarding.  For a first pass, I want to be able to
> restrict -L port forwarding to localhost on the server only and I want
> to be able to specify the ports on Server.
> 
> I was wondering if there would be any desire to incorporate said changes
> back into the main development tree?  If so, are there coding guidelines
> available somewhere?
> 
> Thanks,
> Reza
> 
> p.s. I haven't yet subscribed to the list, so please Cc me with any
> replies
> 
> --
> /"\
> \ /  ASCII Ribbon Campaign
>  X   Against HTML Mail
> / \  and Postings
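
Added example, not part of the original message and not OpenSSH code: a Python audit of authorized_keys lines that models permitopen as the man page excerpt above describes it (literal host:port comparison, several options separated by commas) and flags keys whose -L forwarding can reach beyond localhost, the restriction asked for in the quoted request. The regex option parser, the key-type prefix list, the function names and the sample lines are assumptions made for illustration.

```python
import re
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # assumption: prefixes that mark a line with no options
OPTION_RE = re.compile(r'([A-Za-z][A-Za-z0-9-]*)(?:="((?:[^"\\]|\\.)*)")?(,|\s+|$)')

def parse_options(line):
    """Return [(name, value)] from the leading options field of one authorized_keys line."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith(KEY_TYPES):
        return []
    opts, pos = [], 0
    while True:
        m = OPTION_RE.match(line, pos)
        if not m:
            raise ValueError("malformed options field at offset %d" % pos)
        opts.append((m.group(1).lower(), m.group(2)))
        pos = m.end()
        if m.group(3) != ",":  # unquoted whitespace ends the options field
            return opts

def permitted_targets(line):
    """Literal host:port values of all permitopen options, or None if the key has none."""
    targets = [v for k, v in parse_options(line) if k == "permitopen" and v]
    return targets or None

def forward_allowed(line, host, port):
    """Model of the check: exact string comparison, no patterns and no name resolution."""
    targets = permitted_targets(line)
    return True if targets is None else "%s:%d" % (host, port) in targets

def audit(lines, local_hosts=("localhost", "127.0.0.1")):
    """Flag keys whose -L forwarding is unrestricted or reaches a non-local host."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if any(k == "no-port-forwarding" for k, _ in parse_options(line)):
            continue  # forwarding is disabled outright for this key
        targets = permitted_targets(line)
        if targets is None:
            findings.append((n, "no permitopen: forwarding unrestricted"))
            continue
        findings += [(n, "non-local target " + t) for t in targets
                     if t.rsplit(":", 1)[0] not in local_hosts]
    return findings

SAMPLE = [  # constructed sample lines; the key material is a placeholder, not a real key
    'permitopen="localhost:3306",permitopen="localhost:8080" ssh-rsa AAAAB3PLACEHOLDER reza@client',
    'permitopen="10.0.0.5:22",no-pty ssh-rsa AAAAB3PLACEHOLDER ops@client',
    'ssh-rsa AAAAB3PLACEHOLDER admin@client',
]
```

Because the comparison is literal, a key limited to "localhost:3306" does not permit a request for "127.0.0.1:3306"; the client has to ask for the exact string listed.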


