 
05-04-2011, 02:41 AM
Jerome BENOIT

sshd_config and OpenPermit

Hello List,

I am trying to restrict ssh port forwarding to one port on my Squeeze box:
my current understanding is that I may play with the OpenPermit option in sshd_config.
By default OpenPermit is set to `any': if I set it to 127.0.0.1:12345,
I observed no restriction at all: all ports can still forward.
On the other hand, if I set AllowTcpForwarding to `n',
then OpenPermit permits no port.

Am I missing something?

Thanks in advance,
Jerome


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: http://lists.debian.org/4DC0BCDC.6050906@rezozer.net
 
05-04-2011, 02:52 PM
Camaleón

sshd_config and OpenPermit

On Wed, 04 May 2011 04:41:32 +0200, Jerome BENOIT wrote:

> I am trying to restrict ssh port forwarding to one port on my Squeeze
> box: my current understanding is that I may play with the OpenPermit
> option in sshd_config.

You meant "PermitOpen", right? :-)

> By default OpenPermit is set to `any': if I set
> it to 127.0.0.1:12345, I observed no restriction at all: all ports can
> still forward.

How are you testing this?

I think when you set "PermitOpen=host:port" you are limiting your users
to use local port forwarding on the specified host and port when they use
local port forwarding.

> On the other hand, if I set AllowTcpForwarding to `n',
> then OpenPermit permits no port.
>
> Am I missing something?

AFAIK, "AllowTcpForwarding=no" should disable both local and remote port
forwarding (-L and -R), regardless of the value of any other variable.

Greetings,

--
Camaleón


Archive: http://lists.debian.org/pan.2011.05.04.14.52.21@gmail.com
 
05-04-2011, 03:24 PM
Jerome BENOIT

sshd_config and OpenPermit

Hello List,

On 04/05/11 16:52, Camaleón wrote:
> On Wed, 04 May 2011 04:41:32 +0200, Jerome BENOIT wrote:
>
> > I am trying to restrict ssh port forwarding to one port on my Squeeze
> > box: my current understanding is that I may play with the OpenPermit
> > option in sshd_config.
>
> You meant "PermitOpen", right? :-)

Indeed

> > By default OpenPermit is set to `any': if I set
> > it to 127.0.0.1:12345, I observed no restriction at all: all ports can
> > still forward.
>
> How are you testing this?

I use the script 'autossh.host' as provided by the package `autossh' from another box.

> I think when you set "PermitOpen=host:port" you are limiting your users
> to use local port forwarding on the specified host and port when they use
> local port forwarding.

to use or to set up?
According to my test, both do not work.

> > On the other hand, if I set AllowTcpForwarding to `n',
> > then OpenPermit permits no port.
> >
> > Am I missing something?
>
> AFAIK, "AllowTcpForwarding=no" should disable both local and remote port
> forwarding (-L and -R), regardless of the value of any other variable.

I got it, and `AllowTcpForwarding=no' seems to work as expected.

My aim is to permit a given user to be allowed to set only a given port,
not all ports.

Thanks,
Jerome

> Greetings,


Archive: http://lists.debian.org/4DC16FA8.3080605@rezozer.net
 
05-05-2011, 07:37 PM
Jerome BENOIT

sshd_config and OpenPermit

Hello List!

On 04/05/11 17:24, Jerome BENOIT wrote:
> Hello List,
>
> On 04/05/11 16:52, Camaleón wrote:
> > On Wed, 04 May 2011 04:41:32 +0200, Jerome BENOIT wrote:
> >
> > > I am trying to restrict ssh port forwarding to one port on my Squeeze
> > > box: my current understanding is that I may play with the OpenPermit
> > > option in sshd_config.
> >
> > You meant "PermitOpen", right? :-)
>
> Indeed
>
> > > By default OpenPermit is set to `any': if I set
> > > it to 127.0.0.1:12345, I observed no restriction at all: all ports can
> > > still forward.
> >
> > How are you testing this?
>
> I use the script 'autossh.host' as provided by the package `autossh' from
> another box.
>
> > I think when you set "PermitOpen=host:port" you are limiting your users
> > to use local port forwarding on the specified host and port when they use
> > local port forwarding.
>
> to use or to set up?
> According to my test, both do not work.

I made a misunderstanding here:
I am looking to make a REMOTE forwarding port,
while PermitOpen concerns LOCAL forwarding port.

This does not solve my problem, but at least
I understand now why this approach does not work.

> > > On the other hand, if I set AllowTcpForwarding to `n',
> > > then OpenPermit permits no port.
> > >
> > > Am I missing something?
> >
> > AFAIK, "AllowTcpForwarding=no" should disable both local and remote port
> > forwarding (-L and -R), regardless of the value of any other variable.
>
> I got it, and `AllowTcpForwarding=no' seems to work as expected.
>
> My aim is to permit a given user to be allowed to set only a given port,
> not all ports.
>
> Thanks,
> Jerome
>
> > Greetings,

Sorry for the noise,
Jerome






Archive: http://lists.debian.org/4DC2FC5F.7080104@rezozer.net
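
An added example, not part of the thread and not OpenSSH code: a simplified Python model of how sshd_config options gate `-L` and `-R` requests, showing why `PermitOpen 127.0.0.1:12345` leaves remote forwarding open and what a per-user, single-port restriction looks like. Both config texts and the account name `tunnel` are constructed; `PermitListen` (OpenSSH 7.8 and later) and `AllowTcpForwarding remote` come from OpenSSH releases newer than the one in Squeeze.

```python
# Added example: simplified model of sshd's forwarding checks (not OpenSSH code).
DEFAULTS = {"allowtcpforwarding": ["yes"], "permitopen": ["any"], "permitlisten": ["any"]}

def effective(text, user):
    """Options in force for `user`; models only 'Match User <name>' and 'Match all'."""
    glob, match = {}, {}
    scope = glob
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not words:
            continue
        key, vals = words[0].lower(), words[1:]
        if key == "match":
            crit = [v.lower() for v in vals[:1]]
            hit = crit == ["all"] or (crit == ["user"] and vals[1:] == [user])
            scope = match if hit else None
        elif scope is not None and key in DEFAULTS and vals:
            scope.setdefault(key, vals)  # the first value seen for a keyword wins
    return {**DEFAULTS, **glob, **match}  # Match-block values override global ones

def _permitted(patterns, host, port):
    if patterns[0] in ("any", "none"):
        return patterns[0] == "any"
    for pat in patterns:
        h, _, p = pat.rpartition(":")  # "port" or "host:port" (IPv4/hostname only here)
        if p in ("*", str(port)) and h in ("", "*", host):
            return True
    return False

def forward_allowed(opts, kind, host, port):
    """kind 'local' = ssh -L (destination checked); 'remote' = ssh -R (listener checked)."""
    if opts["allowtcpforwarding"][0].lower() not in ("yes", "all", kind):
        return False
    key = "permitopen" if kind == "local" else "permitlisten"
    return _permitted(opts[key], host, port)

# Constructed configs; "tunnel" is a hypothetical account name.
THREAD_CONFIG = "AllowTcpForwarding yes\nPermitOpen 127.0.0.1:12345\n"
PER_USER_CONFIG = """AllowTcpForwarding no
Match User tunnel
    AllowTcpForwarding remote
    PermitListen 12345
"""
if __name__ == "__main__":
    t = effective(THREAD_CONFIG, "tunnel")
    print("thread config, -R on port 40000:", forward_allowed(t, "remote", "localhost", 40000))
    u = effective(PER_USER_CONFIG, "tunnel")
    print("per-user config, -R on port 40000:", forward_allowed(u, "remote", "localhost", 40000))
```

On a real server, validate a changed sshd_config with `sshd -t` before reloading; the model above ignores `GatewayPorts`, IPv6 literals and Match criteria other than an exact user name.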
 
