Date: Tue, 25 Jan 2000 20:08:50 +0900 From: sen_ml@eccosys.com To: security@freebsd.org Subject: restricting which ports a user can forward in ssh (was Re: sshd and pop/ftponly users incorrect configuration) Message-ID: <20000125200850Q.1000@eccosys.com> In-Reply-To: <Pine.LNX.4.10.10001251128120.14396-100000@vulcan.alphanet.ch> References: <Pine.LNX.4.10.10001251128120.14396-100000@vulcan.alphanet.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
this may not be directly related, but since the topic is similar... i have suggested in the past on the ssh and openssh-unix-dev mailing lists whether it might be useful to be able to restrict which ports a given user can forward. it is clear that for this to be useful, you would need to prevent shell access by users. if the functionality did exist, to set this up you'd set up authorized_key files for each user (or create a dummy account w/ an authorized_key file) and put an appropriate command="..." option in for each key. i have not found this functionality in any of the ssh daemons -- is there a patch out there to do this? not having ever received a response about this idea, i begin to wonder whether it is completely useless ;-) it seems like it would not be all that hard to implement... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000125200850Q.1000>