Re: How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 25/11/15 16:59, Tinker wrote:
Hi!

I tried with all available options to disable forwarding-only connections, by:

"AllowAgentForwarding no
AllowTcpForwarding no"

This had no effect, so what I got in effect was dummy connections.

I would like to disable this "class" of connections altogether. The outcome will be that all authenticated connections will lead to a command, be it /usr/libexec/sftp-server or other.

So something like "ForwardingOnlyConnections on/off".

Would you be interested in adding this to your next release?

Thanks!
I don't think the ssh protocols allows that. You first authenticate, and only then you create the different channels. Also, it would be possible to create a pty channel, then a forwarding, then close the first channel.
Do you want to allow forwardings for "command connections"?


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux