OpenSSH-Client without reverse tunnel ability

Philipp Marek philipp at marek.priv.at
Wed Apr 4 22:21:27 AEST 2018


> Thank you for your quick response, but I want to restrict the
> SSH-*client* from establishing reverse tunnels to the *outer* world. 
> (As
> I cannot control all the SSH servers out there.)
Oh sorry, I misunderstood.

Well, then have a local SSH server that _must_ be used to get to outside 
servers (a jumphost, and the firewall inhibits other SSH connections), 
and allow only a shell and your chosen /usr/bin/ssh on that one.


Good luck on that, BTW.
Exfiltrating data can be done in so many ways...



More information about the openssh-unix-dev mailing list