https://bugzilla.mindrot.org/show_bug.cgi?id=2842
Bug ID: 2842
Summary: PermitListen, like PermitOpen but for -R (remote port
forwarding)
Product: Portable OpenSSH
Version: 7.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: [email protected]
Reporter: [email protected]
I made a setup where several road warriors (varying IP's) connect to
home base and forward one port each to their local SSH ports, i.e:
"ssh rw1002@homebase -n -N -R 5002:localhost:22"
"ssh rw1003@homebase -n -N -R 5003:localhost:22"
I can not find an option to restrict user rw1002 from forwarding port
5003, or for that matter stealing port 1080 or 8080 or whatever else
local services might be configured to use if they're not running at the
time. Several important things use ports >=1024 these days.
PermitOpen restricts destinations for forwarding with -L
I'm missing a similar option for -R
Example:
Match User rw1002
PermitListen 5002
Match User rw1003
PermitListen 0.0.0.0:5003
Match User rw1004
PermitListen localhost:5004
Similarly, having the option to do this in authorized_keys files would,
I think, be awesome.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
