Date:      Tue, 25 Jan 2000 20:08:50 +0900
From:      sen_ml@eccosys.com
To:        security@freebsd.org
Subject:   restricting which ports a user can forward in ssh (was Re: sshd and pop/ftponly users incorrect configuration)
Message-ID:  <20000125200850Q.1000@eccosys.com>
In-Reply-To: <Pine.LNX.4.10.10001251128120.14396-100000@vulcan.alphanet.ch>
References:  <Pine.LNX.4.10.10001251128120.14396-100000@vulcan.alphanet.ch>

this may not be directly related, but since the topic is similar...

i have suggested in the past on the ssh and openssh-unix-dev mailing
lists whether it might be useful to be able to restrict which ports a
given user can forward.  it is clear that for this to be useful, you
would need to prevent shell access by users.  

if the functionality did exist, to set this up you'd set up
authorized_key files for each user (or create a dummy account w/ an
authorized_key file) and put an appropriate command="..." option in
for each key.

i have not found this functionality in any of the ssh daemons -- is
there a patch out there to do this?

not having ever received a response about this idea, i begin to wonder
whether it is completely useless ;-)

it seems like it would not be all that hard to implement...
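
Added example, not part of the original message or of any ssh project's code: current OpenSSH documents a permitopen="host:port" option for authorized_keys entries in sshd(8), alongside command="...", no-pty and no-port-forwarding. The script below audits authorized_keys entries for the setup the message describes (forced command, no shell, forwarding limited to listed targets); the function names, sample entries and key blobs are constructed for illustration.

```python
import re

# One option: name, optionally ="value"; the value may contain \" escapes.
OPTION_RE = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

# Constructed sample entries; key blobs and account names are placeholders.
SAMPLE = '''\
# pop3/smtp tunnel only
command="/usr/bin/false",no-pty,permitopen="127.0.0.1:110",permitopen="127.0.0.1:25" ssh-rsa AAAAB3placeholder1 popuser
ssh-rsa AAAAB3placeholder2 shelluser
command="echo \\"forwarding only\\"; sleep 3600",no-pty ssh-rsa AAAAB3placeholder3 tunneluser
'''

def parse_options(line):
    """Return {option: [values]} for one authorized_keys entry."""
    line = line.strip()
    if re.match(r'(ssh-|ecdsa-|sk-)', line):   # entry starts with key type: no options
        return {}
    in_quotes, i = False, 0
    while i < len(line):                        # options end at first unquoted blank
        ch = line[i]
        if ch == '\\' and in_quotes:
            i += 1                              # skip the escaped character
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            break
        i += 1
    opts = {}
    for name, value in OPTION_RE.findall(line[:i]):
        opts.setdefault(name.lower(), []).append(value)
    return opts

def audit(text):
    """Return [(line_number, permitted_targets, problems)] for every key entry."""
    report = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        o = parse_options(line)
        problems = []
        if 'command' not in o:
            problems.append('no forced command (shell access)')
        if 'no-pty' not in o and 'restrict' not in o:
            problems.append('pty allowed')
        forwarding = 'no-port-forwarding' not in o and ('restrict' not in o or 'port-forwarding' in o)
        if forwarding and 'permitopen' not in o:
            problems.append('forwarding to any host:port')
        report.append((n, o.get('permitopen', []), problems))
    return report

if __name__ == '__main__':
    for entry in audit(SAMPLE):
        print(entry)
```

permitopen limits the destinations of local (-L) forwards only, so an entry that passes this audit still needs the forced command to keep the account from getting a shell.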

