Disabling specific port-forwarding

Damien Miller djm at mindrot.org
Mon Mar 9 07:42:52 EST 2009


On Sun, 8 Mar 2009, Tiago Marques wrote:

> On 25 Fev, 14:59, pe... at stuge.se (Peter Stuge) wrote:
> > Tiago Marques wrote:
> > > What can I do? I want to open all ports to some users but limit
> > > some for the rest(3-4 different user accounts).
> >
> > One way is to use permitopen= in authorized_keys. Then you even get
> >a
>
> > setting per key.
>
> AFAIK, this is done in the user accounts authorized_keys file and,
> hence, not secure.
>
> >From what I've read on the web, I need to set the immutable flag on
> the file, so it is secure. Can't this be done in a better way?

PermitOpen is supported in sshd_config for a few releases now.

-d


More information about the openssh-unix-dev mailing list