Restrict a client port-forward to 1 port

Adriana Rodean adrya1984 at gmail.com
Fri Aug 14 16:09:31 EST 2009


Hi,

Thank you so much for the reply :)

Yes, that's exactly what I want, restrict certain REMOTE port forward values.
If client X has remote port 1037 on the server then client Y should be
forbidden to do remote port-forwarding on port 1037 if client X is not
connected.
Can't it be restricted somehow with iptables or with some Linux commands?
If ssh can't, I'm thinking maybe Linux can...
I mean restrict only client X (which is behind a certain ip address)
to listen to port 1037 on the server.

I'm not a Linux user, and have minimal knowledge about Linux, but maybe
someone knows...

Thank you again,
Adriana

On Thu, Aug 13, 2009 at 22:00, Joseph Spenner <joseph85750 at yahoo.com> wrote:
> --- On Thu, 8/13/09, Adriana Rodean <adrya1984 at gmail.com> wrote:
>
>> Hi again,
>>
>> Maybe I didn't express myself right.
>> I want client X to be able to connect with this command:
>> ssh -L 30300:localhost:8080 -R 1037:localhost:55555
>> Client Y to be able to connect with:
>> ssh -L 30300:localhost:8080 -R 1038:localhost:55555
>> and so on
>> but client Y should be forbidden to connect with:
>> ssh -L 30300:localhost:8080 -R 1037:localhost:55555
>
> From what I can tell, your goal is to restrict certain REMOTE port forward values.  I do not think it is possible to place restrictions on REMOTE port forwards if port forwarding is enabled in sshd_config.  In the authorized_keys, you can list 'permitopen' options, but this only applies to LOCAL port forwards.
>
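
Added example, not part of the original thread: OpenSSH 7.8 and later accept a per-key `permitlisten` option in authorized_keys that limits which ports a key may request with `ssh -R`. The Python sketch below audits a constructed authorized_keys sample (placeholder key blobs; clients Z, W and V are hypothetical) for keys whose remote forwards are unrestricted and for listen ports granted to more than one key.

```python
import re

# Simplified authorized_keys parsing: assumes no quoted option value
# contains something that looks like a key type.
KEY = re.compile(r'(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+\S+\s*(.*)$')
LISTEN = re.compile(r'permitlisten="([^"]*)"')

# Constructed sample; key blobs are placeholders, not real keys.
SAMPLE = '''\
# one key per client, each pinned to its own remote-forward port
restrict,port-forwarding,permitopen="localhost:8080",permitlisten="1037" ssh-ed25519 AAAAPLACEHOLDERX clientX
restrict,port-forwarding,permitopen="localhost:8080",permitlisten="1038" ssh-ed25519 AAAAPLACEHOLDERY clientY
restrict,port-forwarding,permitlisten="localhost:1037" ssh-ed25519 AAAAPLACEHOLDERZ clientZ
ssh-ed25519 AAAAPLACEHOLDERW clientW
restrict ssh-ed25519 AAAAPLACEHOLDERV clientV
'''

def listen_port(spec):
    """Port part of a permitlisten value of the form [host:]port."""
    return spec.rsplit(':', 1)[-1]

def audit(text):
    """Return (unrestricted, shared): key comments that may listen on any
    port, and ports that more than one key is allowed to bind."""
    owners, unrestricted = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = KEY.search(line)
        if not line or line.startswith('#') or not m:
            continue
        options, name = line[:m.start(1)], m.group(2) or '(no comment)'
        # Option names with their quoted values stripped out.
        names = re.sub(r'"[^"]*"', '', options).strip().split(',')
        if 'no-port-forwarding' in names or (
                'restrict' in names and 'port-forwarding' not in names):
            continue  # this key cannot forward at all
        specs = LISTEN.findall(options)
        if not specs:
            unrestricted.append(name)
        for spec in specs:
            owners.setdefault(listen_port(spec), []).append(name)
    shared = {p: n for p, n in owners.items() if len(n) > 1}
    return unrestricted, shared

if __name__ == '__main__':
    print(audit(SAMPLE))
```
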


More information about the openssh-unix-dev mailing list