Bug 1857 - [RFE] restrict port forwarding to localhost
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 5.8p1
Hardware: All All
Importance: P2 enhancement
Assignee: Assigned to nobody
Blocks: V_6_0
Reported: 2011-02-11 00:36 AEDT by Pierre Ossman
Modified: 2016-08-02 10:40 AEST

Attachments
Add port wildcard to permitopen ("permitopen localhost:*") (4.95 KB, patch)
2011-02-15 15:24 AEDT, Darren Tucker

Description Pierre Ossman 2011-02-11 00:36:19 AEDT
In a nutshell, I'd very much like to see something like GatewayPort for PermitOpen, restricting clients to just services on the machine with sshd.

Currently PermitOpen can only do this if you also specify a certain port. I'd like to allow any port (it is dynamically selected), but prevent people from using the sshd machine as a springboard to other machines. The users will not get a shell, instead ssh is essentially a VPN layer to get access to more insecure network services on the machine.

Bug 1513 might be related, although the focus there is on networks instead of ports. My use case is limited to restricting to localhost.
Comment 1 Darren Tucker 2011-02-15 15:24:33 AEDT
Created attachment 1997
Add port wildcard to permitopen ("permitopen localhost:*")
Comment 2 Damien Miller 2011-09-06 10:34:20 AEST
Retarget unresolved bugs/features to 6.0 release
Comment 3 Damien Miller 2011-09-06 10:36:32 AEST
Retarget unresolved bugs/features to 6.0 release
Comment 4 Damien Miller 2011-09-06 10:39:08 AEST
Retarget unresolved bugs/features to 6.0 release

(try again - bugzilla's "change several" isn't)
Comment 5 Darren Tucker 2011-09-23 10:23:22 AEST
This has been added and will be in the 6.0 release.

Thanks.
Comment 6 Damien Miller 2016-08-02 10:40:51 AEST
Close all resolved bugs after 7.3p1 release
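
Added example (not part of the bug thread and not OpenSSH code): a small Python model of how a `permitopen` list with the port wildcard requested here decides forwarding requests, comparing a fixed-port entry with `localhost:*`. It assumes the literal host comparison that sshd(8) documents for `permitopen`; the function names and the sample requests are constructed for illustration.

```python
# Added illustration: a simplified model of permitopen matching, not OpenSSH code.
ANY_PORT = None  # this example's own marker for the "*" port wildcard


def parse_permitopen(spec):
    """Parse one 'host:port' entry; the port may be '*'."""
    host, sep, port = spec.rpartition(":")
    if not sep or not host or not port:
        raise ValueError(f"expected host:port, got {spec!r}")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]  # [IPv6_addr]:port form
    if port == "*":
        return host, ANY_PORT
    if not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
        raise ValueError(f"bad port in {spec!r}")
    return host, int(port)


def forward_allowed(rules, req_host, req_port):
    """True if a forwarding request to req_host:req_port matches a rule.

    Hosts are compared as literal strings (no name lookup, no patterns),
    so 'localhost' and '127.0.0.1' count as different destinations.
    """
    return any(
        host == req_host and (port is ANY_PORT or port == req_port)
        for host, port in rules
    )


def audit(specs, requests):
    """Map each requested 'host:port' to whether the given entries allow it."""
    rules = [parse_permitopen(s) for s in specs]
    return {f"{h}:{p}": forward_allowed(rules, h, p) for h, p in requests}


# Constructed sample requests, as a client's -L destinations might look.
REQUESTS = [("localhost", 5901), ("localhost", 8080),
            ("127.0.0.1", 5901), ("10.0.0.5", 22)]

if __name__ == "__main__":
    for label, specs in (("fixed port", ["localhost:5901"]),
                         ("port wildcard", ["localhost:*"])):
        print(label, audit(specs, REQUESTS))
```

With `localhost:*` every port on the name `localhost` is reachable while other hosts stay blocked; a client that asks for `127.0.0.1` instead is refused unless that literal address is listed as well.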