Re: Restricting port forwarding on remote server

> From: Juanito <juam@xxxxxxxxxx>
>
> If I create a tunnel like this from the client side,
>
> ssh -nNTv -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o IdentitiesOnly=yes -o UserKnownHostsFile=$known_hosts_file -i /etc/sshquare/id_rsa -R $port:localhost:22 $user@$host
>
> would it be possible on the server side to restrict $port to say 10000
> and deny it on all other ports. In a way that $user is only allowed to
> forward a local port and bind it to 0.0.0.0:10000 but nowhere else.
>
> I have created a Host entry on the server side that allows GatewayPorts,
> because I actually want to listen on the public interface and have tried
> to use a PermitOpen 10000 but as far as I have understood, this is
> actually for -L forwarding and not the -R I am looking for.

I'm not sure exactly what you're asking. The -R argument to ssh causes the remote sshd to forward one port back to localhost:22. What that port is depends on the value of the -R argument, which in your case is constructed using $port. But you haven't told us the value of $port in this shell when this command is executed.

Remember: The shell substitutes in the values of all the variables to create the effective command line, which contains no variable references. Then it runs ssh, giving it the argument values that are in the effective command line. ssh does *not* see any variables.

Dale

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
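
An added example, not part of the original messages: on OpenSSH 7.8 and later, the server-side `PermitListen` directive limits which listen ports a client may request with `-R`, which is the restriction asked about above (`PermitOpen` governs `-L` destinations only). The account name `tunnel` is a placeholder standing in for `$user`, and the fragment assumes a server new enough to know `PermitListen`.

```conf
# /etc/ssh/sshd_config (fragment, added example)
# "tunnel" is a placeholder account name, not taken from the thread.

# Weak form: any -R listen port is accepted for this user.
#   Match User tunnel
#       GatewayPorts yes

# Restricted form: only a remote forward listening on port 10000 is accepted.
Match User tunnel
    # Allow -R only; -L and dynamic forwarding are refused for this user.
    AllowTcpForwarding remote
    # Bind remote forwards to the wildcard address (0.0.0.0), as the
    # question requires, instead of loopback only.
    GatewayPorts yes
    # Port-only form: permit a listener on port 10000 whatever listen host
    # the client asks for. Requests for any other port are rejected.
    PermitListen 10000
    # The tunnel account needs no terminal, agent or X11 forwarding.
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
```

Run `sshd -t` to check the file for syntax errors before reloading the daemon. With this in place, a client that runs the command above with `$port` set to anything other than 10000 has its forwarding request refused by the server.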


