Re: sshd_config and OpenPermit
Hello List !
On 04/05/11 17:24, Jerome BENOIT wrote:
On 04/05/11 16:52, Camaleón wrote:
On Wed, 04 May 2011 04:41:32 +0200, Jerome BENOIT wrote:
I am trying to restrict ssh port forwarding to one port on my Squeeze
box: my current understanding is that I may play with the OpenPermit
option in sshd_config.
You meant "PermitOpen", right? :-)
By default OpenPermit is set to `any': if I set
it to 127.0.0.1:12345 , I observed not restriction at all: all port can
How are you testing this?
I use the script 'autossh.host' as provided by the package `autossh'from
an other box.
I think when you set "PermitOpen=host:port" you are limiting your users
to use local port forwarding on the specified host and port when they use
local port forwading.
to use or to set up ?
According to my test both does not work.
I made a missunderstanding here:
I am looking to make a REMOTE forwarding port,
while PermitOpen concerns LOCAL forwarding port.
This does not solve my problem, but I least
I understand now why this approach does not work.
On the otherhand, if I set AllowTcpForwarding to `n' ,
then OpenPermit permits no port.
Do I miss something ?
AFAIK, "AllowTcpForwarding=no" should disable both, local and remote port
forwarding (-L and -R), regardless the value of any other variable.
I got it, and `AllowTcpForwarding=no' seems to work as expected.
My aim is to permit a given user to be allowed to set only a given port,
not all ports.
Sorry for the noise,