Thank you for your quick response, but I want to restrict the
SSH-*client* from establishing reverse tunnels to the *outer* world.
(As I cannot control all the SSH servers out there.)
Oh sorry, I misunderstood.
Well, then have a local SSH server that _must_ be used to get to outside
servers (a jumphost, and the firewall inhibits other SSH connections),
and allow only a shell and your chosen /usr/bin/ssh on that one.
Good luck on that, BTW.
Exfiltrating data can be done in so many ways...
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev