Bug 2751

Summary: permitopen but for -R option
Product: Portable OpenSSH
Reporter: Pablo <biagioni84>
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED DUPLICATE
Severity: enhancement
CC: djm
Priority: P5
Version: 7.5p1
Hardware: Other
OS: All
Attachments: patch exported from github pull request (flags: none)

Description Pablo 2017-07-28 23:29:57 AEST
Created attachment 3024
patch exported from github pull request

Restricts which ports are available for a given user on a remote server when opening remote forwarding ports.

Use case: NAT traversing limited to a specified port for each user on the remote server.
In the user's .ssh/authorized_keys, add: permitopen="host:port" and the user's public key. It helps mitigate a DoS in case a user's private key is lost.
** If no permitopen is found for the user, all ports are allowed as usual.
Useful to limit tunneling for NAT traversing to a specified port on a per-user basis.
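
The rule described in the report above, as an added audit sketch that is not taken from the attached patch or from OpenSSH: it parses authorized_keys option fields and reports, per key, whether a `-R` request for a given port would pass. It models the behaviour this report proposes, not that of any released sshd; the function names, the sample file and the placeholder key blobs are assumptions made for the example.

```python
import re

KEY_TYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-)")   # line starts with a key type: no options
# One option: unquoted characters and/or complete "quoted strings" (\" escapes allowed).
TOKEN = r'(?:[^\s,"]|"(?:\\.|[^"\\])*")+'
OPTS_FIELD = re.compile(r'(%s(?:,%s)*)\s+(.*)' % (TOKEN, TOKEN))

def parse_line(line):
    """Return (options, comment) for one authorized_keys line, or None to skip it."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = []
    if not KEY_TYPE.match(line):
        m = OPTS_FIELD.match(line)
        if m:
            options, line = re.findall(TOKEN, m.group(1)), m.group(2)
    fields = line.split(None, 2)            # key type, base64 blob, comment
    return options, (fields[2] if len(fields) > 2 else "")

def permitted_ports(options):
    """Ports named by permitopen="host:port" options; None means no restriction."""
    ports = set()
    for opt in options:
        name, _, value = opt.partition("=")
        if name.lower() == "permitopen":
            ports.add(value.strip('"').rsplit(":", 1)[-1])
    return ports or None

def audit(text, port):
    """Map each key comment to whether a -R request for `port` would be accepted
    under the rule described in this report (no permitopen: every port allowed)."""
    result = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ports = permitted_ports(parsed[0])
            result[parsed[1]] = ports is None or str(port) in ports
    return result

# Constructed sample; key blobs are placeholders, not real keys.
SAMPLE = '''\
permitopen="localhost:2222",no-pty ssh-ed25519 AAAAPLACEHOLDER1 alice@nat
command="echo a,b",permitopen="localhost:2223" ssh-rsa AAAAPLACEHOLDER2 bob@nat
ssh-ed25519 AAAAPLACEHOLDER3 carol@nat
'''

if __name__ == "__main__":
    for who, ok in audit(SAMPLE, 2222).items():
        print(who, "allowed" if ok else "refused")
```

Keys that come back as allowed for every port are the ones with no permitopen entry, which under the described rule remain unrestricted.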
Comment 1 Damien Miller 2018-05-25 13:34:43 AEST

*** This bug has been marked as a duplicate of bug 2038 ***
Comment 2 Damien Miller 2021-04-23 15:01:29 AEST
closing resolved bugs as of 8.6p1 release