Re: OpenSSH-Client without reverse tunnel ability

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Mon, 2018-04-09 at 13:31 +0200, Jan Bergner wrote:
> However, since there does not seem to be any reasonable alternative
> short than doing way more elaborated software development ourselves,
> these will have to do.
> Therefore, I consider this matter closed.
> 
> Thanks again to everybody who helped.

This really depends on the way how much the clients have to try to
workaround this obstacle you are going to throw under their feet.

There is a configuration option "ClearAllForwardings", which does
basically the same thing, but needs to be specified on command line
after all the other forwarding options to my understanding.

The "allowed" ssh can be wrapped in some script that makes sure this
option is passed, but as already said by others, there are other ways
how to get data out so using a bastion/jumpbox for external connections
might be the right way.

Note, that PermitTunnel is something completely different and it will
not help you in this case, because it is used for L2 and L3 tunneling
using Tunnel configuration options (not the -R ones).

-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux