Two patches in Bugzilla (MaxDisplays, wildcard PermitOpen hostname) for inclusion upstream

Greetings,

I just wanted to point out that I've submitted two patches complete with
documentation for some very basic but (IMO) reasonable and necessary
features. I'd like to have these considered for inclusion in the next
OpenSSH release.

--
Configurable MAX_DISPLAYS value via MaxDisplays
https://bugzilla.mindrot.org/show_bug.cgi?id=2580
--
This patch allows the #define MAX_DISPLAYS value to be controlled via an
sshd_config directive, aptly named 'MaxDisplays'. This is useful when using
OpenSSH as a multi-factor gateway to forward X11 sessions through a
centralized host, specifically when there are several thousand users, beyond
the default max value of 1000. With this patch, the default value of 1000 is
used unless explicitly set to another value in sshd_config.


--
PermitOpen hostname wildcard
https://bugzilla.mindrot.org/show_bug.cgi?id=2582
--
This simple patch allows for a wildcard symbol to be used as the hostname in
an sshd_config PermitOpen directive. This is useful when using OpenSSH as a
multi-factor gateway to forward access to a specific service on a large and
effectively undefined list of hosts "behind" the multi-factor gateway. For
example:

PermitOpen *:3389

This would allow an OpenSSH daemon to act as an RDP gateway when it is
impractical to list each and every host you would like to allow RDP forwards
to. The use case here is a network with > 1000 machines. This patch very
intentionally keeps it simple: the asterisk is not a pattern match, it is
just a symbol that means 'any host'. There is no *.domain.com type logic.

I'm happy to take any feedback on these patches. I've spoken with Red Hat
engineers and they have built test RPMs for them for my environment, but
they will not officially accept them unless upstream OpenSSH accepts them
into a release.

Thanks, I appreciate the consideration. If anyone has any questions about
the value and use cases for these patches, please feel free to let me know
on or off list.

AG
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
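
The 'any host' semantics described in the message above for `PermitOpen *:3389`, shown as an added example that is not part of the original post, the submitted patch, or OpenSSH itself. The helper `permitopen_allows` and the sample hostnames are hypothetical; the rule is assumed to be a single `host:port` string with a numeric port.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper, not OpenSSH code: does a PermitOpen-style rule
 * "host:port" allow a forward request to (host, port)?
 * Returns 1 = allowed, 0 = denied, -1 = malformed rule. */
int permitopen_allows(const char *rule, const char *host, int port)
{
    const char *colon = strrchr(rule, ':');   /* split at the last ':' */
    char *end;
    long rule_port;
    size_t hlen;

    if (colon == NULL || colon == rule || colon[1] == '\0')
        return -1;
    rule_port = strtol(colon + 1, &end, 10);
    if (*end != '\0' || rule_port < 1 || rule_port > 65535)
        return -1;
    if (rule_port != port)
        return 0;                 /* the port is always matched exactly */

    hlen = (size_t)(colon - rule);
    /* A host of exactly "*" means any host. */
    if (hlen == 1 && rule[0] == '*')
        return 1;
    /* Anything else, including "*.example.com", is compared literally,
     * so it never acts as a domain pattern. */
    return strlen(host) == hlen && strncasecmp(rule, host, hlen) == 0;
}

int main(void)
{
    /* Constructed sample requests against constructed rules. */
    printf("%d\n", permitopen_allows("*:3389", "ws042.corp.example", 3389));
    printf("%d\n", permitopen_allows("*:3389", "ws042.corp.example", 22));
    printf("%d\n", permitopen_allows("*.example.com:3389", "a.example.com", 3389));
    return 0;
}
```

With a rule of this shape the port is the only constraint on the destination, so which hosts are actually reachable on that port is decided by the network behind the gateway, not by sshd.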