[PATCH] permitremoteopen - to limit remote port forwarding per user
Antony Antony
antony at phenome.org
Fri Jun 20 04:17:50 EST 2014
Hi,
Here is a patch to limit reverse port forwarding (-R) per user/key on the server.
For example, add:
permitremoteopen="8023" ssh-dss AAAAB3NzaC1kc3MAAACBAOUE..
in the user's ~/.ssh/authorized_keys and the server will limit -R to port 8023 only.
An example of a violation:
ssh -v -R 8022:127.0.0.1:22 -i.ssh/id_dsa foo@10.0.0.1
debug1: Remote: Server denied remote port forward request.
debug1: remote forward failure for: listen 8022, connect 127.0.0.1:22
Warning: remote port forwarding failed for listen port 8022
and
ssh -v -R 8023:127.0.0.1:22 -i.ssh/id_dsa foo@10.0.0.1
will forward the port.
The patch should work on 6.6p1, 6.5p1, 6.4p1 and 6.6.
regards,
-antony
-------------- next part --------------
A non-text attachment was scrubbed...
Name: permitremoteopen.patch
Type: text/x-diff
Size: 13776 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140619/b37e81c6/attachment-0001.bin>
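Added example, not part of the original post and not the patch's own code: a Python model of the per-key check described above, which parses the options field of an authorized_keys line and decides whether a requested -R listen port is permitted, and which also lists the keys that carry no limit. Assumptions: the option may be repeated to allow several ports (modelled on permitopen), a key without the option is unrestricted, and the function names and sample key lines are constructed.

```python
import re

# Constructed sample authorized_keys content; key blobs are placeholders, not real keys.
SAMPLE = (
    'permitremoteopen="8023" ssh-dss AAAAB3PLACEHOLDER1 foo@laptop\n'
    'command="echo hi, there",permitremoteopen="8023",permitremoteopen="9000" '
    'ssh-rsa AAAAB3PLACEHOLDER2 ci@build\n'
    'ssh-rsa AAAAB3PLACEHOLDER3 admin@desk\n'
)

KEY_TYPE = re.compile(r'(ssh-|ecdsa-sha2-|sk-)')
# One option: a bare flag (no-pty) or name="value"; the value may hold commas and spaces.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?,?')

def parse_options(line):
    """Return [(name, value)] for the options field of one authorized_keys line."""
    line = line.strip()
    if not line or line.startswith('#') or KEY_TYPE.match(line):
        return []  # blank, comment, or a key with no options field
    opts, pos = [], 0
    while pos < len(line) and not line[pos].isspace():
        m = OPTION.match(line, pos)
        if m is None:
            raise ValueError('malformed options field: %r' % line)
        opts.append((m.group(1).lower(), m.group(2)))
        pos = m.end()
    return opts

def allowed_listen_ports(line):
    """Set of -R listen ports the key may request, or None when unrestricted (assumed)."""
    # A permitremoteopen option without a numeric value raises instead of failing open.
    ports = [int(v) for n, v in parse_options(line) if n == 'permitremoteopen']
    return set(ports) if ports else None

def remote_forward_allowed(line, listen_port):
    """Model of the server-side decision for `ssh -R listen_port:...`."""
    ports = allowed_listen_ports(line)
    return ports is None or listen_port in ports

def unrestricted_keys(text):
    """1-based line numbers of keys that carry no permitremoteopen limit."""
    return [i for i, line in enumerate(text.splitlines(), 1)
            if line.strip() and not line.lstrip().startswith('#')
            and allowed_listen_ports(line) is None]
```
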