How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)
keisial at gmail.com
Thu Nov 26 08:39:57 AEDT 2015
On 25/11/15 16:59, Tinker wrote:
> I tried with all available options to disable forwarding-only
> connections, by:
> "AllowAgentForwarding no
> AllowTcpForwarding no"
> This had no effect, so what I got in effect was dummy connections.
> I would like to disable this "class" of connections altogether. The
> outcome will be that all authenticated connections will lead to a
> command, be it /usr/libexec/sftp-server or other.
> So something like "ForwardingOnlyConnections on/off".
> Would you be interested in adding this to your next release?
I don't think the ssh protocols allow that. You first authenticate, and
only then you create the different channels. Also, it would be possible
to create a pty channel, then a forwarding, then close the first channel.
Do you want to allow forwardings for "command connections"?