Re: How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Tinker wrote:
> I tried with all available options to disable forwarding-only
> connections, by:
>
> "AllowAgentForwarding no
> AllowTcpForwarding no"
>
> This had no effect, so what I got in effect was dummy connections.

The above two options combined with X11Forwarding no added to your
sshd_config will disallow all forwarding.

Please explain what you mean by "dummy" above?


> I would like to disable this "class" of connections altogether.

Note that a forwarding is not a connection, but a channel. One
connection can have several channels.


> The outcome will be that all authenticated connections will lead to
> a command, be it /usr/libexec/sftp-server or other.

The above three options should do just that. If it's not working as
you want then please provide debug log output from the sshd where you
have added the three above configuration statements, when a client
connects to it and is able to open a forwarding channel. That would
be a bug.


//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux