Bug 2751 - permitopen but for -R option
Summary: permitopen but for -R option
Status: CLOSED DUPLICATE of bug 2038
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 7.5p1
Hardware: Other All
Importance: P5 enhancement
Assignee: Assigned to nobody
Reported: 2017-07-28 23:29 AEST by Pablo
Modified: 2021-04-23 15:01 AEST

Attachments
patch exported from github pull request (2.23 KB, patch)
2017-07-28 23:29 AEST, Pablo

Description Pablo 2017-07-28 23:29:57 AEST
Created attachment 3024
patch exported from github pull request

Restricts which ports are available for a given user on a remote server when opening remote forwarding ports.

Use case: NAT traversing limited to a specified port for each user on the remote server.
In the user's .ssh/authorized_keys, add: permitopen="host:port" and the user's public key. It helps mitigate a DoS in case a user's private key is lost.
** If no permitopen is found for the user, all ports are allowed as usual.
Useful to limit tunneling for NAT traversing to a specified port on a per-user basis.
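
The rule described in this report, modelled as an added example (it is not the attached patch and not OpenSSH's code): it reads the options field of an authorized_keys line and decides whether a requested -R listen port would be allowed. The function names, the constructed sample lines with placeholder key blobs, and the treatment of a `*` port as "any port" are assumptions.

```python
import re

# Key-type prefixes that mark an authorized_keys line with no options field.
KEY_TYPE = re.compile(r'^(ssh-|ecdsa-|sk-)')
PERMITOPEN = re.compile(r'permitopen="([^"]*)"', re.IGNORECASE)

# Constructed sample lines; the key blobs are placeholders, not real keys.
SAMPLE = [
    'permitopen="localhost:2222" ssh-ed25519 AAAAEXAMPLE1 alice@laptop',
    'ssh-ed25519 AAAAEXAMPLE2 bob@laptop',
    'command="/bin/true now",permitopen="[::1]:8022",permitopen="localhost:8023" '
    'ssh-rsa AAAAEXAMPLE3 carol@laptop',
]


def split_options(line):
    """Return the options field of an authorized_keys line ('' if it has none)."""
    line = line.strip()
    if not line or line.startswith('#') or KEY_TYPE.match(line):
        return ''
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != '\\'):
            in_quote = not in_quote      # spaces inside quotes belong to the option
        elif ch in ' \t' and not in_quote:
            return line[:i]              # first unquoted blank ends the options
    return line


def allowed_ports(line):
    """Ports named by permitopen options; None means the key is unrestricted."""
    specs = PERMITOPEN.findall(split_options(line))
    if not specs:
        return None
    # rsplit keeps bracketed IPv6 hosts such as [::1] intact; a malformed
    # port raises ValueError so a bad entry is noticed rather than ignored.
    ports = {spec.rsplit(':', 1)[-1] for spec in specs}
    return {p if p == '*' else int(p) for p in ports}


def remote_forward_allowed(line, listen_port):
    """Model of the proposed check for an ssh -R listen port (assumed semantics)."""
    ports = allowed_ports(line)
    if ports is None:                    # no permitopen: all ports, as the report says
        return True
    return '*' in ports or listen_port in ports  # '*' as any port is an assumption


if __name__ == '__main__':
    for entry in SAMPLE:
        print(allowed_ports(entry), remote_forward_allowed(entry, 2222))
```

Run over a server's authorized_keys files, the same parsing shows which keys carry no permitopen entry and would therefore be unrestricted under this proposal.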
Comment 1 Damien Miller 2018-05-25 13:34:43 AEST

*** This bug has been marked as a duplicate of bug 2038 ***
Comment 2 Damien Miller 2021-04-23 15:01:29 AEST
closing resolved bugs as of 8.6p1 release