restricting port forwarding ports server-side
Tony Finch
dot at dotat.at
Sun Mar 16 01:50:27 EST 2003
Vincent Danen <vdanen at linsec.ca> wrote:
>
>I'm curious as to whether or not there is a way to restrict forwarded ports
>server side. For instance, I'm running an IRC server and am allowing users
>to connect via ssh forwarding (so I can take advantage of using openssh's
>public key method for authentication). Each client I tell to set up their
>~/.ssh/config in a certain way, but the relevant line is:
>
>LocalForward 6667 localhost:42000
>
>where port 42000 is what ircd is listening to on the server. This works
>great, but my concern is a user changing this to localhost:3306 to gain
>access to MySQL, which is firewalled off.
You can do this with my restricted-environment patch using appropriate
PermitTcpConnect options.
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=104387691708672
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
HUMBER: SOUTHEASTERLY 4 OR 5 DECREASING 3. FAIR. GOOD.
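
An added example, not part of the original thread and not the patch's own code: a small audit of an `authorized_keys` file that flags keys able to forward to anything other than the ircd port. It assumes stock OpenSSH key options (`permitopen`, `restrict`, `no-port-forwarding`, `port-forwarding`) rather than the PermitTcpConnect patch mentioned above, and it ignores any global limits set in `sshd_config`. The sample file, user names and key material are constructed placeholders.

```python
import re

ALLOWED = {"localhost:42000"}  # assumption: ircd port from the post is the only target
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options
# One option: a bare name, or name="value" (value may hold commas and \" escapes).
OPTION_RE = re.compile(r'([A-Za-z-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')

# Constructed sample authorized_keys; key material and users are placeholders.
SAMPLE = '''\
# irc users
permitopen="localhost:42000",no-pty ssh-ed25519 AAAA_PLACEHOLDER alice
ssh-ed25519 AAAA_PLACEHOLDER bob
permitopen="localhost:42000",permitopen="localhost:3306" ssh-rsa AAAA_PLACEHOLDER carol
restrict ssh-ed25519 AAAA_PLACEHOLDER dave
'''

def split_options(line):
    """Return [(name, value)] from the options field of one authorized_keys line."""
    if line.split(None, 1)[0].startswith(KEY_TYPES):
        return []
    in_quotes, end = False, len(line)
    for i, ch in enumerate(line):  # options end at the first space outside quotes
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            end = i
            break
    return [(m.group(1).lower(), m.group(2)) for m in OPTION_RE.finditer(line[:end])]

def audit(text):
    """Map line number -> reason for keys that may forward to unapproved targets."""
    findings = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        forwarding, targets = True, []
        for name, value in split_options(line):  # sshd applies options in order
            if name in ("restrict", "no-port-forwarding"):
                forwarding = False
            elif name == "port-forwarding":
                forwarding = True
            elif name == "permitopen":
                targets.append(value)
        bad = [t for t in targets if t not in ALLOWED]
        if forwarding and not targets:
            findings[n] = "no permitopen: any destination can be forwarded"
        elif forwarding and bad:
            findings[n] = "unapproved permitopen: " + ", ".join(bad)
    return findings

if __name__ == "__main__":
    for n, reason in audit(SAMPLE).items():
        print(f"line {n}: {reason}")
```
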