Tinker wrote: > I tried with all available options to disable forwarding-only > connections, by: > > "AllowAgentForwarding no > AllowTcpForwarding no" > > This had no effect, so what I got in effect was dummy connections. The above two options combined with X11Forwarding no added to your sshd_config will disallow all forwarding. Please explain what you mean by "dummy" above? > I would like to disable this "class" of connections altogether. Note that a forwarding is not a connection, but a channel. One connection can have several channels. > The outcome will be that all authenticated connections will lead to > a command, be it /usr/libexec/sftp-server or other. The above three options should do just that. If it's not working as you want then please provide debug log output from the sshd where you have added the three above configuration statements, when a client connects to it and is able to open a forwarding channel. That would be a bug. //Peter _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev