On 2015-11-26 05:39, Ángel González wrote:
On 25/11/15 16:59, Tinker wrote:
Hi!
I tried with all available options to disable forwarding-only
connections, by:
"AllowAgentForwarding no
AllowTcpForwarding no"
This had no effect, so what I got in effect was dummy connections.
I would like to disable this "class" of connections altogether. The
outcome will be that all authenticated connections will lead to a
command, be it /usr/libexec/sftp-server or other.
So something like "ForwardingOnlyConnections on/off".
Would you be interested in adding this to your next release?
Thanks!
I don't think the ssh protocols allows that. You first authenticate,
and only then you create the different channels. Also, it would be
possible to create a pty channel, then a forwarding, then close the
first channel.
Do you want to allow forwardings for "command connections"?
Angel,
Yes - actually my whole problem is that ForceCommand is invoked for
*all* SSH connections, *except* for the forwarding-only connections.
Maybe another solution would be to add an option so that ForceCommand
always is run, e.g. for /bin/noop on all non-SFTP non-shell non-command
connections.
Thanks!
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev