
Bug#543683: openssh-server: allow blank PermitOpen



Package: openssh-server
Version: 1:5.1p1-7
Severity: wishlist

I'm trying to set up a reverse SSH box (i.e. one where people stuck
behind NAT can SSH in and initiate a tunnel back to their machine).
They use it something like this:

  ssh login@box -R 2000:localhost:22

I'm trying to lock this down as far as possible - in particular I'd
like to disable AllowTcpForwarding, however if I do this it prevents
both local _and_ remote tunnels.

Leaving AllowTcpForwarding open and setting "PermitOpen
127.0.0.1:65535" gets close - all the reverse tunnels work, but the
only local tunnel that will work is "ssh login@box -L
xxxx:localhost:65535".   

I'd like to use "PermitOpen none" (or just blank) however sshd doesn't
allow this (just checked the source code).

Thanks,

Adrian
-- 
Email: adrian@smop.co.uk  -*-  GPG key available on public key servers
Debian GNU/Linux - the maintainable distribution   -*-  www.debian.org


