[PATCH] Server specified remote bind address

Raphael Medaer raphael.medaer at escaux.com
Thu Dec 15 21:26:06 AEDT 2016

Hi OpenSSH community,

The following patch cover the use cases where sshd must force/override
remote forwarding bind address.
I'm mainly using it to force a given user listening on a loopback
address. It avoids port binding conflicts
and allow me to restrict a given group or user to a specific address.


    # sshd configuration file
    Match User remote
            GatewayPorts serverspecified

As attached file you'll find the patch which improves and implements
two options in sshd_config:

    * GatewayPorts: I added option "serverspecified" to list of
available values. When this option is given,
      sshd will override remote port forwarding to bind on server
specified address "ForwardingBindAddress".
    * ForwardingBindAddress: Defines on which address sshd must bind
when GatewayPorts = serverspecified.

The goal of this mail is (of course) to share with you the patch, but
also to get feedback about the idea
it-self and implementation as well.

Best regards,

Raphael Medaer
Product Development Engineer

Escaux, the nr 1 alternative in Unified Communication
Chaussée de Bruxelles 408, 1300 Wavre, Belgium
Direct: +3227887564
Main: +3226860900
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server-specified-bind-address.patch
Type: text/x-patch
Size: 5163 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20161215/3f67d036/attachment.bin>

More information about the openssh-unix-dev mailing list