author | Damien Miller <djm@mindrot.org> | 2006-07-24 14:04:00 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2006-07-24 14:04:00 +1000 |
commit | 9b439df18a9d56683584811ce38dcf72acd4cb20 (patch) | |
tree | dc7d64d4ae9ce7c47d52804671e8b5d2aedddae3 /channels.h | |
parent | 98299261eb970688a7bad346491cffdf2a7f6072 (diff) |
- dtucker@cvs.openbsd.org 2006/07/17 12:06:00
[channels.c channels.h servconf.c sshd_config.5]
Add PermitOpen directive to sshd_config which is equivalent to the
"permitopen" key option. Allows server admin to allow TCP port
forwarding only to specific host/port pairs. Useful when combined
with Match.
If permitopen is used in both sshd_config and a key option, both
must allow a given connection before it will be permitted.
Note that users can still use external forwarders such as netcat,
so those must be controlled too for the limits to be effective.
Feedback & ok djm@, man page corrections & ok jmc@.
Diffstat (limited to 'channels.h')
-rw-r--r-- | channels.h | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.85 2006/07/11 18:50:47 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.86 2006/07/17 12:06:00 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -207,7 +207,9 @@ int channel_find_open(void); void channel_set_af(int af); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); +void channel_add_adm_permitted_opens(char *, int); void channel_clear_permitted_opens(void); +void channel_clear_adm_permitted_opens(void); int channel_input_port_forward_request(int, int); int channel_connect_to(const char *, u_short); int channel_connect_by_listen_address(u_short); |
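Review bot: The two prototypes added in the second hunk, channel_add_adm_permitted_opens() and channel_clear_adm_permitted_opens(), have no comment separating them from the existing channel_add_permitted_opens() / channel_clear_permitted_opens() pair, and the names differ only by "adm". The commit message says a connection must be allowed by both the sshd_config list and the key-option list. A short comment above this group stating that the "adm" list is the administrator's (sshd_config PermitOpen) list, and that both lists are checked, would help keep a later caller from populating or clearing the wrong one, which here would silently widen or narrow what forwarding is permitted. Two smaller points on the same lines. First, channel_add_adm_permitted_opens(char *, int) copies the older signature, while channel_connect_to(const char *, u_short) a few lines below takes the host as const char * and the port as u_short. If the new function does not modify the host string, const char * would be the better declaration. Second, the existing list has channel_permit_all_opens() but no counterpart is declared for the adm list, so the comment should also say how "no administrator restriction" is represented.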