implementing port forward restrictions
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Fri Nov 24 06:40:41 EST 2000
for -R or -L style forwarding?
these kinds of policy configurations should be implemented
with keynote (see rfc2704).
-markus
On Wed, Nov 22, 2000 at 02:14:52PM -0800, michael salmon wrote:
> hi folks,
> right now I'm implementing a quick hack to restrict ports the server will
> allow to be forwarded. This is to heighten security from clients accessing a
> server behind a firewall and as far as I could tell this is not possible with
> ssh so far.
> I think this is a reasonable feature for a release and shouldn't be too hard
> to implement in a way that follows the setup already used in the config and
> sshd handling of connections. I searched the mailing-list archives and found
> a few small references to it but none implied it was being worked on.
> When I finish this if the list wants the diffs I'd be happy to supply them.
> I'd like the opinion of the other developers as to a key in the sshd_config
> that would be obvious yet not too long to define the ports, and the layout.
> I was thinking
> HostAllowsPortsForwarded 143 2401 etc... space delimited numbers.
>
> cheers,
> michael salmon
>
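
One way the proposed `HostAllowsPortsForwarded` line could be parsed and enforced, added here as an example; it is not code from OpenSSH or from either poster. The struct and function names, the 64-entry limit, and the fail-closed handling of bad tokens and of an empty list are assumptions, and the check applies to whichever forwarded port (-L or -R style) the server passes in.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>

#define MAX_FWD_PORTS 64   /* assumed limit, not from the proposal */
struct fwd_policy { int ports[MAX_FWD_PORTS]; int nports; };

/* Parse the directive's argument: space-delimited decimal ports.
 * Any bad token rejects the whole line and leaves the list empty,
 * so a config typo fails closed instead of being skipped. */
int fwd_policy_parse(struct fwd_policy *p, const char *arg)
{
    const char *s = arg;
    char *end;
    long v;

    p->nports = 0;
    for (;;) {
        while (*s == ' ' || *s == '\t')
            s++;
        if (*s == '\0')
            return 0;
        if (!isdigit((unsigned char)*s))
            goto bad;                      /* "-1", "+22", "imap" */
        errno = 0;
        v = strtol(s, &end, 10);
        if (errno != 0 || v < 1 || v > 65535 ||
            (*end != '\0' && *end != ' ' && *end != '\t') ||
            p->nports == MAX_FWD_PORTS)
            goto bad;                      /* "0", "99999", "143,2401" */
        p->ports[p->nports++] = (int)v;
        s = end;
    }
bad:
    p->nports = 0;
    return -1;
}

/* A forward is allowed only if its port is listed; an empty list denies all. */
int fwd_policy_allows(const struct fwd_policy *p, int port)
{
    for (int i = 0; i < p->nports; i++)
        if (p->ports[i] == port)
            return 1;
    return 0;
}
```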