Determining the port assigned by -R 0
Damien Miller
djm at mindrot.org
Tue Oct 25 10:08:08 EST 2011
On Sun, 23 Oct 2011, Glenn Maynard wrote:
> I suppose that works, but it'd be better to do this server-side. That way,
> the script run on the server doesn't have to trust the client to pass along
> correct information. For example, if a client tries forwarding thousands of
> ports, the script could reliably detect that and close the connection.
> (This is a remote diagnostics script; the remote client is untrusted.)
informing a shell session on the server is impractical - there's little linkage between them and port forwarding sessions
> By the way, it'd be helpful to be able to specify eg. "PermitOpen none"; I
> ended up arriving at the same hack that this guy used:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543683. It's minor, but
> it'd be nice to be able to do this correctly.
Yes, this should be pretty easy to add. could you please file an enhancement
request at https://bugzilla.mindrot.org/ so it doesn't get lost?
-d
More information about the openssh-unix-dev
mailing list