Disabling specific port-forwarding

Tiago Marques tiagomnm at gmail.com
Thu Feb 26 00:33:04 EST 2009


Hi all,

I have a server where I allow some people to do SSH port forwarding for SVN,
GIT, since I need to do that to access these services in certain locations.
I can't access SVN ports in some work locations.

Thing is, I also give specific access to some user accounts, mainly git and
svn user, to some people I don't fully trust to have access to my VNC
server, which is without password since it doesn't make any sense to have it
there either way. If someone tries to do a tunnel of the VNC port with any
of the other users that not the user run the VNC session, they have full
access to that session and the computer.

The idea is to be able to limit both svn and git users to tunnel only to the
service specific port. I know I have done this once but can't seem to find
the right options now.

What can I do? I want to open all ports to some users but limit some for the
rest(3-4 different user accounts).

Best regards,

                                  Tiago Marques


More information about the openssh-unix-dev mailing list