Re: Port forwarding and access restriction

On Mon, Feb 01, 2010 at 08:10:36PM +0000, Michael Goffioul wrote:
Now the user uses a VNC client to connect to A:36725. What I'd like
to know is whether I can impose access restriction on A:36725, for
instance by limiting the number of accepted connections.

As someone else already mentioned, you can't do this with OpenSSH.
You can, however, do it with some sort of firewall software. They
posted instructions for using Linux's kernel-based firewall software;
if you're not using Linux, there should be a similar thing available
for your OS (though if it's a commercial OS, you will likely need
commercial software).

In your answer, you mention settings in sshd_config. These are for
the SSH daemon, right?

Yes, sshd_config controls the ssh daemon.

Do these also apply to the SSH client that is doing port forwarding?

No; or more exactly, only to the extent that the SSH server exerts
control over connecting clients (but generally no).

Derek D. Martin
GPG Key ID: 0x81CFE75D

Attachment: pgpKzVwKN2VTY.pgp
Description: PGP signature