Greetings,

I just wanted to point out that I've submitted two patches complete with documentation for some very basic but (IMO) reasonable and necessary features. I'd like to have these considered for inclusion in the next OpenSSH release.

-- Configurable MAX_DISPLAYS value via MaxDisplays
https://bugzilla.mindrot.org/show_bug.cgi?id=2580 --

This patch allows the #define MAX_DISPLAYS value to be controlled via an sshd_config directive, aptly named 'MaxDisplays'. This is useful when using OpenSSH as a multi-factor gateway to forward X11 sessions through a centralized host, specifically when there are several thousand users, beyond the default max value of 1000. With this patch, the default value of 1000 is used unless explicitly set to another value in sshd_config.

-- PermitOpen hostname wildcard
https://bugzilla.mindrot.org/show_bug.cgi?id=2582 --

This simple patch allows for a wildcard symbol to be used as the hostname in an sshd_config PermitOpen directive. This is useful when using OpenSSH as a multi-factor gateway to forward access to a specific service on a large and effectively undefined list of hosts "behind" the multi-factor gateway. For example:

    PermitOpen *:3389

This would allow an OpenSSH daemon to act as an RDP gateway when it is impractical to list each and every host you would like to allow RDP forwards to. The use case here is a network with > 1000 machines. This patch very intentionally keeps it simple - the asterisk is not a pattern match, it is just a symbol that means 'any host'. There is no *.domain.com type logic.

I'm happy to take any feedback on these patches. I've spoken with Red Hat engineers and they have built test RPMs for them for my environment, but they will not officially accept them unless upstream OpenSSH accepts them into a release.

Thanks, I appreciate the consideration. If anyone has any questions about the value and use cases for these patches, please feel free to let me know on or off list.
AG
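The "any host" semantics described for the PermitOpen wildcard, as an added C example that is not taken from the patch or from OpenSSH. The function names, rule list and host names are hypothetical, and only the plain host:port form is handled (no bracketed IPv6).

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not OpenSSH code: 1 = allowed, 0 = no match,
 * -1 = malformed rule. Assumes plain host:port (no bracketed IPv6). */
int rule_allows(const char *rule, const char *host, int port)
{
    const char *colon = strrchr(rule, ':');
    char *end;
    long rule_port;
    size_t i, hlen;

    if (colon == NULL || colon == rule || !isdigit((unsigned char)colon[1]))
        return -1;
    rule_port = strtol(colon + 1, &end, 10);
    if (*end != '\0' || rule_port < 1 || rule_port > 65535)
        return -1;
    if (rule_port != port)
        return 0;
    hlen = (size_t)(colon - rule);
    if (hlen == 1 && rule[0] == '*')
        return 1;               /* a lone "*" means any host */
    if (strlen(host) != hlen)
        return 0;               /* "*.example.com" is a literal, not a pattern */
    for (i = 0; i < hlen; i++)
        if (tolower((unsigned char)rule[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

/* Default deny: a request passes only if some rule explicitly allows it. */
int forward_allowed(const char *const rules[], size_t n, const char *host, int port)
{
    for (size_t i = 0; i < n; i++)
        if (rule_allows(rules[i], host, port) == 1)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample rules and requests. */
    const char *const rules[] = { "*:3389", "*.example.com:22" };
    printf("%d\n", forward_allowed(rules, 2, "ws1042.corp.example", 3389));
    printf("%d\n", forward_allowed(rules, 2, "ws1042.corp.example", 445));
    printf("%d\n", forward_allowed(rules, 2, "db.example.com", 22));
    return 0;
}
```

With `*:3389` the port is the only constraint, so the rule also covers port 3389 on the gateway itself and on every address it can reach.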