| Summary: | permitopen but for -R option | | |
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Pablo <biagioni84> |
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED DUPLICATE | | |
| Severity: | enhancement | CC: | djm |
| Priority: | P5 | | |
| Version: | 7.5p1 | | |
| Hardware: | Other | | |
| OS: | All | | |

*** This bug has been marked as a duplicate of bug 2038 ***

Closing resolved bugs as of 8.6p1 release.

Created attachment 3024: patch exported from GitHub pull request

Restricts which ports are available for a given user on a remote server when opening remote forwarding ports.

Use case: NAT traversal limited to a specified port for each user on the remote server.

In the user's .ssh/authorized_keys, add permitopen="host:port" and the user's public key.

It helps mitigate a DoS in case a user's private key is lost.

** If no permitopen is found for the user, all ports are allowed as usual.

Useful to limit tunneling for NAT traversal to a specified port on a per-user basis.
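
An audit sketch for the fallback described in this report (a key with no permitopen keeps all ports). This is an added example, not code from the attached patch or from OpenSSH. It assumes the semantics the report describes, and the function names and sample keys are constructed for illustration.

```python
# Key-type prefixes: a line starting with one of these has no options field.
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")

def split_outside_quotes(s, seps):
    """Split s on any char in seps that is not inside a double-quoted value."""
    parts, cur, quoted, i = [], "", False, 0
    while i < len(s):
        ch = s[i]
        if ch == "\\" and quoted and i + 1 < len(s):
            cur += s[i:i + 2]          # keep escaped char, e.g. \" in command=
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    parts.append(cur)
    return parts

def audit(text):
    """Map each key's comment (or line number) to its permitopen targets."""
    report = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f for f in split_outside_quotes(line, " \t") if f]
        has_opts = not fields[0].startswith(KEY_TYPES)
        opts = split_outside_quotes(fields.pop(0), ",") if has_opts else []
        label = " ".join(fields[2:]) or f"line {n}"
        report[label] = [o[len('permitopen="'):-1] for o in opts
                         if o.lower().startswith('permitopen="') and o.endswith('"')]
    return report

def unrestricted(report):
    """Keys with no permitopen entry, i.e. all ports allowed per the report."""
    return sorted(label for label, targets in report.items() if not targets)

# Constructed sample; key material replaced by placeholders.
SAMPLE = '''\
permitopen="localhost:2201" ssh-ed25519 AAAAC3PLACEHOLDER1 alice@site-a
command="echo a,b",permitopen="localhost:2202",permitopen="localhost:2203" ssh-rsa AAAAB3PLACEHOLDER2 bob@site-b
ssh-ed25519 AAAAC3PLACEHOLDER3 carol@site-c
no-pty,command="echo permitopen=\\"x:1\\"" ssh-rsa AAAAB3PLACEHOLDER4 dave@site-d
'''

if __name__ == "__main__":
    print(unrestricted(audit(SAMPLE)))
```

The last sample line shows why options are tokenised rather than searched with a substring match: a permitopen string inside a quoted command= value is not a restriction.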