Hi, Thank you so much all for the suggestions :))) Same as Peter i believe that this should be a feature of OpenSSH, restrict not only local port along with a public key, but remote port also. This will solve my problem. So please if someone can implement this would be great... In the meantime i will try handle with Linux suggestions... Problem with this approach is that all my clients connect to server with same user. And from your suggestions i see that i can bind a port to an user to do the restriction. Is there any other way to do this? Like bind ip of the client with a port? Right now only way to identify uniquely a client in my server is by it's public key in authorized_keys, that's why this feature would of been nice in ssh to be implemented ... Thank you so much all, Adriana On Sun, Aug 16, 2009 at 01:15, Peter Stuge<peter@xxxxxxxx> wrote: > Hi Adriana, > > Adriana Rodean wrote: >> If ssh can't i'm thinking maybe Linux can... >> I mean restrict only client X (which is behind a certain ip >> address) to listen to port 1037 on the server. > > No, if this is going to happen it has to happen in the SSH server. > > OpenSSH can do this if each client has their own private SSH key, and > are using it for authentication. > > As was suggested you would then disable all other authentication > methods than publickey in sshd, disallow generic port forwarding, and > include a permitopen directive for each client public key in > ~/.ssh/authorized_keys > > If you wish for it to function differently, keep in mind that one > really wonderful property of open source software such as OpenSSH > (and Linux) is that you yourself, or a contractor, can implement the > functionality you desire, exactly the way you like it. Of course it > is appreciated if any changes are made in agreement with developers, > and contributed back (posted to this mailing list) once finished. > > > //Peter > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >