OpenSSH-Client without reverse tunnel ability

Jakub Jelen jjelen at redhat.com
Mon Apr 9 22:10:32 AEST 2018


On Mon, 2018-04-09 at 13:31 +0200, Jan Bergner wrote:
> However, since there does not seem to be any reasonable alternative
> short of doing way more elaborate software development ourselves,
> these will have to do.
> Therefore, I consider this matter closed.
> 
> Thanks again to everybody who helped.

This really depends on how much the clients have to try to
work around this obstacle you are going to throw under their feet.

There is a configuration option "ClearAllForwardings", which does
basically the same thing, but needs to be specified on the command line
after all the other forwarding options, to my understanding.

The "allowed" ssh can be wrapped in some script that makes sure this
option is passed, but as already said by others, there are other ways
to get data out, so using a bastion/jumpbox for external connections
might be the right way.

Note that PermitTunnel is something completely different and it will
not help you in this case, because it is used for L2 and L3 tunneling
using Tunnel configuration options (not the -R ones).

-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
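
One way to write the wrapper script suggested in the message above, as an added example that is not part of the original post or of OpenSSH. The names `restricted_ssh` and `SSH_BIN` and the path `/usr/bin/ssh` are assumptions; the wrapper accepts only `-p` and `-l` from the user and pins `ClearAllForwardings=yes` itself, so no user-supplied forwarding option reaches the real client and the ordering question does not arise.

```sh
#!/bin/sh
# Added example: allowlisting wrapper around the real ssh client.
# SSH_BIN and restricted_ssh are hypothetical names; the path is an assumption.
SSH_BIN="${SSH_BIN:-/usr/bin/ssh}"

# Usage: restricted_ssh [-p port] [-l user] host [command...]
restricted_ssh() {
    rs_port="" rs_user=""
    OPTIND=1
    # Leading ":" selects silent mode: every option other than -p/-l
    # (-R, -L, -D, -w, -o, -F, -J, ...) falls into the "*" branch.
    while getopts ":p:l:" rs_opt; do
        case "$rs_opt" in
            p) rs_port=$OPTARG ;;
            l) rs_user=$OPTARG ;;
            *) echo "restricted_ssh: option -$OPTARG not allowed or missing its value" >&2
               return 2 ;;
        esac
    done
    shift $((OPTIND - 1))

    # Port, if given, must be digits only.
    case "$rs_port" in
        *[!0-9]*) echo "restricted_ssh: bad port" >&2; return 2 ;;
    esac
    # Host is mandatory and must not look like an option.
    case "${1:-}" in
        ""|-*) echo "restricted_ssh: bad or missing host" >&2; return 2 ;;
    esac
    rs_host=$1
    shift

    # Rebuild argv from validated pieces only; "--" ends option parsing
    # so the host and remote command are never read as ssh options.
    set -- -o ClearAllForwardings=yes -- "$rs_host" "$@"
    if [ -n "$rs_user" ]; then set -- -l "$rs_user" "$@"; fi
    if [ -n "$rs_port" ]; then set -- -p "$rs_port" "$@"; fi
    "$SSH_BIN" "$@"
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    restricted_ssh "$@"
fi
```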

