New Subsystem criteria for Match option block in OpenSSH server
Peter Stuge
peter at stuge.se
Wed May 23 10:14:36 EST 2012
Nicola Muto wrote:
>> This reparsing could also change the server state in unexpected ways,
>> for example:
>>
>> AllowTcpForwarding yes
>> Match Subsystem sftp
>> AllowTcpForwarding no
>>
>> would allow port fowarding until you sent an sftp subsystem request.
>
> Sorry Darren, but that's exactly what I expect the ssh server should
> do, reading this config. So I know what I'm doing with this kind of
> configuration.
The discussion has nothing to do with you or the needs of Ericsson.
OpenSSH behaving like the above would be absolutely retarded.
//Peter
More information about the openssh-unix-dev
mailing list