Security suggestion concering SSH and port forwarding.

Damien Miller djm at mindrot.org
Tue Jan 20 13:46:49 EST 2004


Ben Lindstrom wrote:


>>scponly does sort of imply, um, scp only.  Perhaps supporting the pubkey
>>permissions flags in sshd_config on a per-user basis might be feasible?
> 
> It is my understanding that such a patch exists in a form of linking
> OpenSSH to Keynotes.  However, I've never played with it.  <shrug>  Like
> with most open source projects.. One hacks what affects them and what they
> enjoy hacking on.

I wrote a patch to add systemwide and per-user KeyNote policies a few
years ago. It would need a lot of cleanup to work in today's privilege
separated world.

-d




More information about the openssh-unix-dev mailing list