Hi, Thank you so much for the reply :) Yes that's exactly what i want, restrict certain REMOTE port forward values. If client X has remote port 1037 on the server then client Y should be forbidden to do remote port-forwarding on port 1037 if client X is not connected. Can't it be restricted somehow with iptables or with some Linux commands? If ssh can't i'm thinking maybe Linux can... I mean restrict only client X (which is behind a certain ip address) to listen to port 1037 on the server. I'm not Linux user, and have minimal knowledge about Linux, but maybe someone knows... Thank you again, Adriana On Thu, Aug 13, 2009 at 22:00, Joseph Spenner<joseph85750@xxxxxxxxx> wrote: > --- On Thu, 8/13/09, Adriana Rodean <adrya1984@xxxxxxxxx> wrote: > >> Hi again, >> >> Maybe i didn't expressed myself right. >> I want client X to be able to connect with this command: >> ssh -L >> 30300:localhost:8080 -R 1037:localhost:55555 >> Client Y to be able to connect with: ssh -L >> 30300:localhost:8080 -R >> 1038:localhost:55555 >> and so on >> but client Y should be forbidden to connect with: ssh >> -L >> 30300:localhost:8080 -R 1037:localhost:55555 > > From what I can tell, your goal is to restrict certain REMOTE port forward values. I do not think it is possible to place restrictions on REMOTE port forwards if port forwarding is enabled in sshd_config. In the authorized_keys, you can list 'permitopen' options, but this only applies to LOCAL port forwards. > > > > >