Re: Restrict a client port-forward to 1 port


Thank you so much all for the suggestions :)))

Same as Peter, I believe that this should be a feature of OpenSSH:
restrict not only the local port along with a public key, but the remote
port also. This will solve my problem. So please, if someone can implement
this, it would be great...

In the meantime I will try to handle it with the Linux suggestions...
The problem with this approach is that all my clients connect to the server
with the same user. And from your suggestions I see that I can bind a port
to a user to do the restriction.
Is there any other way to do this? Like binding the IP of the client to a port?
Right now the only way to uniquely identify a client on my server is by
its public key in authorized_keys, that's why it would have been nice
for this feature to be implemented in ssh ...

Thank you so much all,

On Sun, Aug 16, 2009 at 01:15, Peter Stuge<peter@xxxxxxxx> wrote:
> Hi Adriana,
>
> Adriana Rodean wrote:
> > If ssh can't i'm thinking maybe Linux can...
> > I mean restrict only client X (which is behind a certain ip
> > address) to listen to port 1037 on the server.
>
> No, if this is going to happen it has to happen in the SSH server.
>
> OpenSSH can do this if each client has their own private SSH key, and
> are using it for authentication.
>
> As was suggested you would then disable all other authentication
> methods than publickey in sshd, disallow generic port forwarding, and
> include a permitopen directive for each client public key in
>
> If you wish for it to function differently, keep in mind that one
> really wonderful property of open source software such as OpenSSH
> (and Linux) is that you yourself, or a contractor, can implement the
> functionality you desire, exactly the way you like it. Of course it
> is appreciated if any changes are made in agreement with developers,
> and contributed back (posted to this mailing list) once finished.

openssh-unix-dev mailing list
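
An added example, not part of the original thread: a small audit of an authorized_keys file for the per-key setup discussed above, flagging keys with no forwarding restriction and ports granted to more than one key. The names `parse_line`, `audit` and `SAMPLE` are hypothetical, the sample keys are constructed, and `permitlisten` (the remote-listen counterpart of `permitopen`) is an option from OpenSSH 7.8 and later, newer than this thread.

```python
import re
from collections import defaultdict

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")  # subset
# One option: name, optional ="quoted value" (the value may contain commas).
OPTION_RE = re.compile(r'([A-Za-z-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|\s+|$)')

def parse_line(line):
    """Return (options, comment) for one authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options, pos = [], 0
    while not line.startswith(KEY_TYPES, pos):  # options precede the key type
        m = OPTION_RE.match(line, pos)
        if not m:
            raise ValueError("unparseable options: " + line[:40])
        options.append((m.group(1).lower(), m.group(2) or ""))
        pos = m.end()
    fields = line[pos:].split(None, 2)          # type, base64 blob, comment
    return options, fields[2] if len(fields) > 2 else "(no comment)"

def audit(text):
    """List (line_no, key_comment, problem); line_no 0 means cross-key."""
    findings, owners = [], defaultdict(set)
    for n, raw in enumerate(text.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        options, who = parsed
        names = {k for k, _ in options}
        limits = [(k, v) for k, v in options
                  if k in ("permitopen", "permitlisten")]
        disabled = "no-port-forwarding" in names or (
            "restrict" in names and "port-forwarding" not in names)
        if not limits and not disabled:
            findings.append((n, who, "forwarding not restricted for this key"))
        for k, v in limits:
            owners[(k, v.rsplit(":", 1)[-1])].add(who)  # port after last ':'
    for (k, port), keys in sorted(owners.items()):
        if len(keys) > 1:
            findings.append((0, ",".join(sorted(keys)),
                             f"{k} port {port} granted to several keys"))
    return findings

SAMPLE = '''# constructed sample, key blobs truncated
permitopen="127.0.0.1:1037",no-pty ssh-rsa AAAAB3Nza...A client-x
permitopen="127.0.0.1:1038",permitlisten="1038" ssh-rsa AAAAB3Nza...B client-y
permitopen="127.0.0.1:1037" ssh-ed25519 AAAAC3Nza...C client-z
ssh-rsa AAAAB3Nza...D client-w
no-port-forwarding,command="/bin/date" ssh-rsa AAAAB3Nza...E client-v
'''
```

Running `audit` over the real file on the server shows which keys still fall back to unrestricted forwarding when every client logs in as the same user.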

