authorized_keys options for remote forwarding
Thomas Themel
themel at iwoars.net
Fri Aug 29 22:06:02 EST 2003
Hi,
I've recently run into a situation where I want clients (or certain
keys) to connect to an OpenSSH server and set up a remote port
forwarding channel (-R) without allowing them to do anything else.
It seems that current OpenSSH doesn't support this. I would like to
suggest the following changes to the options for authorized_keys:
* add a no-local-forwarding option that denies setup of -L channels
* add a no-remote-forwarding option that denies setup of -R channels
* make no-tcp-forwarding act like no-local-forwarding +
  no-remote-forwarding
And, not required for me, but for completeness:
* add a permitremote that defines ports that the connection
  may try to listen on
All these changes are seemingly trivial, but I haven't had anything to
do with the OpenSSH source code previously, so I'm probably not a good
judge of these matters.
Are there any principal arguments against implementing these changes? If
not, what's the best way to proceed, code up a patch and submit it to
this list?
ciao,
--
[*Thomas Themel*] <JonJonB> Purely in the interests of science, I have
[extended contact] replaced the word "wand" with "wang" in the first Harry
[info provided in] Potter Book. Let's see the results...
[*message header*] -> http://bash.org/?111338
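
The semantics proposed in the message above, modelled as an added example that is not part of the original post and is not OpenSSH code. The option names are taken from the post as written; the value format of permitremote (one port number per option, repeatable) and the function names are assumptions made for illustration.

```python
# Added example: models the authorized_keys semantics PROPOSED in the post.
# Option names are as written in the post; the one-port-per-permitremote
# value format is an assumption, since the post does not define it.

def split_options(field):
    """Split an options field on commas that are outside double quotes."""
    opts, cur, quoted, i = [], "", False, 0
    while i < len(field):
        ch = field[i]
        if ch == "\\" and field[i + 1:i + 2] == '"':
            cur += '"'           # escaped quote inside a quoted value
            i += 1
        elif ch == '"':
            quoted = not quoted  # quote delimiters are dropped from the value
        elif ch == "," and not quoted:
            opts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    if quoted:
        raise ValueError("unterminated quote in options field")
    if cur:
        opts.append(cur)
    return opts

def forwarding_policy(field):
    """Return what a key may forward under the proposed options."""
    local, remote, ports = True, True, None  # None = any listen port
    for opt in split_options(field):
        name, _, value = opt.partition("=")
        name = name.lower()
        if name in ("no-local-forwarding", "no-tcp-forwarding"):
            local = False
        if name in ("no-remote-forwarding", "no-tcp-forwarding"):
            remote = False
        if name == "permitremote":
            ports = (ports or set()) | {int(value)}
    return {"local": local, "remote": remote, "listen_ports": ports}

def may_listen(policy, port):
    """True if a -R request for this listen port would be accepted."""
    if not policy["remote"]:
        return False
    return policy["listen_ports"] is None or port in policy["listen_ports"]

# Constructed sample: a key limited to one remote-forward listener.
SAMPLE = 'no-local-forwarding,no-pty,command="echo a,b",permitremote="8022"'
```

The quoted command value contains a comma on purpose: splitting the options field naively on commas would break it and misread the options that follow.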