Determining the port assigned by -R 0

Damien Miller djm at
Tue Oct 25 10:08:08 EST 2011

On Sun, 23 Oct 2011, Glenn Maynard wrote:

> I suppose that works, but it'd be better to do this server-side.  That way,
> the script run on the server doesn't have to trust the client to pass along
> correct information.  For example, if a client tries forwarding thousands of
> ports, the script could reliably detect that and close the connection.
> (This is a remote diagnostics script; the remote client is untrusted.)

informing a shell session on the server is impractical - there's little linkage between them and port forwarding sessions

> By the way, it'd be helpful to be able to specify eg. "PermitOpen none"; I
> ended up arriving at the same hack that this guy used:
>  It's minor, but
> it'd be nice to be able to do this correctly.

Yes, this should be pretty easy to add. could you please file an enhancement
request at so it doesn't get lost?


More information about the openssh-unix-dev mailing list