permitopen flag in authorized_keys file

Markus Friedl markus at openbsd.org
Wed Sep 12 20:29:15 EST 2001


On Mon, Aug 27, 2001 at 08:35:18PM +0200, Florian Weimer wrote:
> I've just discovered the permitopen flag.  We need such a feature for
> our poor man's VPN services, but this flag seems to be usable only if
> you generate your authorized_keys file from a database or something
> like that: keeping a long list of host/port combinations up to date
> for several users and keys is no fun.
> 
> As announced before, we have developed a far more powerful mechanism
> for controlling port forwarding, see:
> 
>         http://cert.uni-stuttgart.de/projects/openssh.php
> 
> (I'm currenty porting it to the most recent portable OpenSSH version.)
> 
> Why haven't you used this already existing code?

already existing code was used.



More information about the openssh-unix-dev mailing list