tcpip-forward with port 0 and 'want reply'
Damien Miller
djm at mindrot.org
Thu Apr 20 18:00:54 EST 2006
On Wed, 19 Apr 2006, William Ahern wrote:
> However, it doesn't seem like OpenSSH supports this. If you request a port
> of zero, the code never 1) returns or 2) listens for the allocated port,
> even though 'want reply' is _always_ TRUE.
No, we don't support this presently. There is a patch in bugzilla but
the last time I looked it required a bit more work.
> In the process I've run into trouble w/ ForwardPermissions. I suspect
> there's a bug in the SSH 2.0 support since it doesn't keep track of
> listening hostnames, only the port. Again, there's a silent collision and
> either the permissions are too strict or too loose.
Yes, permitopen doesn't support specification of a bind_address
presently. It should "fail closed" on ambiguous matches though, so why
do you say the permissions are too loose?
-d
More information about the openssh-unix-dev
mailing list