Fwd: Restricting port forwarding on remote server

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Dear OpenSSH-Devs,

I hope this is the correct place to ask this, if not feel free to ignore
it or forward it wherever is better suited. Thank you very much for that!

First of all, thank you for this magnificent piece of software :)

Secondly, I'd like to ask a question, as the Internet and the manuals
don't seem to have the answer. Well, they say it's not possible, but I'd
just like to make sure. So here it goes:

Is it possible to restrict the ports a certain user is able to open on a
remote server?

If I create a tunnel like this from the client side,

ssh -nNTv -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o
IdentitiesOnly=yes -o UserKnownHostsFile=$known_hosts_file -i
/etc/sshquare/id_rsa -R $port:localhost:22 $user@$host

would it be possible on the server side to restrict $port to say 10000
and deny it on all other ports. In a way that $user is only allowed to
forward a local port and bind it to 0.0.0.0:10000 but nowhere else.

I have created a Host entry on the server side that allows GatewayPorts,
because I actually want to listen on the public interface and have tried
to use a PermitOpen 10000 but as far as I have understood, this is
actually for -L forwarding and not the -R I am looking for.

Is there any way to do this?

Again, thank you very much and a happy New Year to all of you!

Cheers,
Juanito

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux