[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sshd_config and OpenPermit

Hello List !

On 04/05/11 17:24, Jerome BENOIT wrote:
Hello List,

On 04/05/11 16:52, Camaleón wrote:
On Wed, 04 May 2011 04:41:32 +0200, Jerome BENOIT wrote:

I am trying to restrict ssh port forwarding to one port on my Squeeze
box: my current understanding is that I may play with the OpenPermit
option in sshd_config.

You meant "PermitOpen", right? :-)


By default OpenPermit is set to `any': if I set
it to , I observed not restriction at all: all port can
still forward.

How are you testing this?

I use the script 'autossh.host' as provided by the package `autossh'from
an other box.

I think when you set "PermitOpen=host:port" you are limiting your users
to use local port forwarding on the specified host and port when they use
local port forwading.

to use or to set up ?
According to my test both does not work.

I made a missunderstanding here:
I am looking to make a REMOTE forwarding port,
while PermitOpen concerns LOCAL forwarding port.

This does not solve my problem, but I least
I understand now why this approach does not work.

On the otherhand, if I set AllowTcpForwarding to `n' ,
then OpenPermit permits no port.

Do I miss something ?

AFAIK, "AllowTcpForwarding=no" should disable both, local and remote port
forwarding (-L and -R), regardless the value of any other variable.

I got it, and `AllowTcpForwarding=no' seems to work as expected.

My aim is to permit a given user to be allowed to set only a given port,
not all ports.



Sorry for the noise,

Reply to: