Determining the port assigned by -R 0

Damien Miller djm at mindrot.org
Tue Oct 25 10:08:08 EST 2011


On Sun, 23 Oct 2011, Glenn Maynard wrote:

> I suppose that works, but it'd be better to do this server-side.  That way,
> the script run on the server doesn't have to trust the client to pass along
> correct information.  For example, if a client tries forwarding thousands of
> ports, the script could reliably detect that and close the connection.
> (This is a remote diagnostics script; the remote client is untrusted.)

informing a shell session on the server is impractical - there's little linkage between them and port forwarding sessions

> By the way, it'd be helpful to be able to specify eg. "PermitOpen none"; I
> ended up arriving at the same hack that this guy used:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543683.  It's minor, but
> it'd be nice to be able to do this correctly.

Yes, this should be pretty easy to add. could you please file an enhancement
request at https://bugzilla.mindrot.org/ so it doesn't get lost?

-d



More information about the openssh-unix-dev mailing list