Thread: Restricting Port forwarding in SSH server
View Single Post

  #2 (permalink)  
Old 06-12-2007, 09:13 PM
nixcraft's Avatar
nixcraft nixcraft is offline
Never say die
User
  
Join Date: Jan 2005
Location: BIOS
My distro: Ubuntu
Posts: 1,060
Rep Power: 10
nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute nixcraft has a reputation beyond repute
Default
Some commercial server implementations do have options like
AllowForwardingPort number
DenyForwardingPort number
AllowForwardingTo 3000
DenyForwardingTo 8080

However latest version of OpenSSH comes with permitopen="hostort"
It will limit local ssh –L port forwarding such that it may only connect to the specified host and port.

For example, if you want to allow port forwarding to a remote imap server called "server.nixcraft.in", add permitopen="server.nixcraft.in:143". See man page for example.
__________________
Vivek | My personal blog
Linux Evangelist
Play hard stay cool
Reply With Quote