| commit | 1da3bef6fb3e09b95aeea5b3099dc8a8413252ef | |
| author | djm <djm> | |
| Mon, 24 Jul 2006 04:04:00 +0000 (24 04:04 +0000) | ||
| committer | djm <djm> | |
| Mon, 24 Jul 2006 04:04:00 +0000 (24 04:04 +0000) | ||
| tree | 7e11a7ed622075d82d4e4c15a5536a5a9621a75e | treesnapshot (tar.gz zip) |
| parent | 190c58b9b1bf2005997078dd34af09d6dcb23197 | commitdiff |
- dtucker@cvs.openbsd.org 2006/07/17 12:06:00
[channels.c channels.h servconf.c sshd_config.5]
Add PermitOpen directive to sshd_config which is equivalent to the
"permitopen" key option. Allows server admin to allow TCP port
forwarding only two specific host/port pairs. Useful when combined
with Match.
If permitopen is used in both sshd_config and a key option, both
must allow a given connection before it will be permitted.
Note that users can still use external forwarders such as netcat,
so to be those must be controlled too for the limits to be effective.
Feedback & ok djm@, man page corrections & ok jmc@.
[channels.c channels.h servconf.c sshd_config.5]
Add PermitOpen directive to sshd_config which is equivalent to the
"permitopen" key option. Allows server admin to allow TCP port
forwarding only two specific host/port pairs. Useful when combined
with Match.
If permitopen is used in both sshd_config and a key option, both
must allow a given connection before it will be permitted.
Note that users can still use external forwarders such as netcat,
so to be those must be controlled too for the limits to be effective.
Feedback & ok djm@, man page corrections & ok jmc@.
| ChangeLog | diffblobblamehistory | |
| channels.c | diffblobblamehistory | |
| channels.h | diffblobblamehistory | |
| servconf.c | diffblobblamehistory | |
| sshd_config.5 | diffblobblamehistory |