Restrict a client port-forward to 1 port

Joseph Spenner joseph85750 at yahoo.com
Fri Aug 14 05:00:13 EST 2009


--- On Thu, 8/13/09, Adriana Rodean <adrya1984 at gmail.com> wrote:

> Hi again,
> 
> Maybe I didn't express myself right.
> I want client X to be able to connect with this command:
> ssh -L 30300:localhost:8080 -R 1037:localhost:55555
> Client Y to be able to connect with:
> ssh -L 30300:localhost:8080 -R 1038:localhost:55555
> and so on
> but client Y should be forbidden to connect with:
> ssh -L 30300:localhost:8080 -R 1037:localhost:55555

From what I can tell, your goal is to restrict certain REMOTE port forward values.  I do not think it is possible to place restrictions on REMOTE port forwards if port forwarding is enabled in sshd_config.  In the authorized_keys, you can list 'permitopen' options, but this only applies to LOCAL port forwards.
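An added example, not part of the original message: a Python audit of authorized_keys options that reports, per key, which local (-L) destinations permitopen allows and whether remote (-R) listen ports are limited. It also reads the permitlisten option, which OpenSSH added in release 7.8, after this thread; the sample file, key blobs and function names are constructed for illustration.

```python
import re

# Constructed sample authorized_keys file; key blobs are placeholders.
SAMPLE = """\
permitopen="localhost:8080",permitlisten="1037" ssh-ed25519 AAAAplaceholderX clientX
permitopen="localhost:8080" ssh-ed25519 AAAAplaceholderY clientY
ssh-ed25519 AAAAplaceholderZ clientZ
no-port-forwarding ssh-ed25519 AAAAplaceholderW clientW
"""

OPTION = re.compile(r'([A-Za-z-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')

def split_options(line):
    """Split a line into (options, rest) at the first unquoted whitespace."""
    if re.match(r"(ssh-|ecdsa-|sk-)", line):  # starts with key type: no options
        return "", line
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch in " \t" and not in_quote:
            return line[:i], line[i:].strip()
    return line, ""

def parse_options(opts):
    """Map option name -> list of quoted values (bare flags get an empty list)."""
    parsed = {}
    for m in OPTION.finditer(opts):
        values = parsed.setdefault(m.group(1).lower(), [])
        if m.group(2) is not None:
            values.append(m.group(2))
    return parsed

def audit(text):
    """Per key comment: (allowed -L destinations, allowed -R listen specs)."""
    report = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        o = parse_options(opts)
        name = " ".join(rest.split()[2:]) or "(no comment)"
        off = "no-port-forwarding" in o or ("restrict" in o and "port-forwarding" not in o)
        report[name] = ("none", "none") if off else (
            o.get("permitopen") or "any", o.get("permitlisten") or "any")
    return report

if __name__ == "__main__":
    for name, (local, remote) in audit(SAMPLE).items():
        print(f"{name}: -L {local}  -R {remote}")
```

In the sample, clientY is the case the reply describes: permitopen limits its local forwards, but its remote listen port is still unrestricted.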



      


More information about the openssh-unix-dev mailing list