OpenSSH: allow -R only

From: Thomas Themel (themel-comp.security.ssh-030828_at_isogsglei.iwoars.net)
Date: 08/28/03


Date: 28 Aug 2003 10:35:28 GMT

Hi,

I'm trying to set up an account on an OpenSSH server to only allow -R
forwarding, but not -L forwarding. I've gone through a lot of OpenSSH
documentation and Google results, but it seems there is no way to configure
this.

Things I've tried that failed:

- no-port-forwarding also blocks -R forwarding
- permitopen can be used to allow specific -L connection

The target scenario should allow authorized clients to connect and let
the (host-key authenticated) server access their forwards, but not allow
the clients any extra access to the network of the server.

Is there a way to do this in OpenSSH (preferrably 3.4, but upgrade is
possible)?

ciao,

-- 
[*Thomas  Themel*]      one with nintendo
[extended contact]      halcyon symbiosis
[info provided in]      hand thinks for itself
[*message header*]  -- D. A. Koronakos and B. Roberts; "High-tech Haikus"