Package: ssh
Version: 1:3.8.1p1-4
Severity: wishlist

I just got very confused by the sshd manpage which says:

------------------
     no-port-forwarding
             Forbids TCP/IP forwarding when this key is used for
             authentication.  Any port forward requests by the client
             will return an error.  This might be used, e.g., in
             connection with the command option.

     permitopen=host:port
             Limit local `ssh -L'' port forwarding such that it may only
             connect to the specified host and port.  IPv6 addresses can
             be specified with an alternative syntax: host/port
             Multiple permitopen options may be applied separated by
             commas.  No pattern matching is performed on the specified
             hostnames, they must be literal domains or addresses.
------------------

It should be more clearly mentioned that no-port-forwarding completely
disables forwarding, and that a permitopen="" clause isn't necessary if
no-port-forwarding is set.

Additionally, sshd should not barf on a permitopen="" clause, but
instead interpret that clause as "no-port-forwarding".

For orthogonality, there should be control for -R port forwarding as
well.

Greetings
Marc, who hopes that he is on the safe side with only
no-port-forwarding set.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.6-janeway
Locale: LANG=C, LC_CTYPE=C

Versions of packages ssh depends on:
ii  adduser         3.56           Add and remove users and groups
ii  debconf         1.4.25         Debian configuration management sy
ii  dpkg            1.10.22        Package maintenance system for Deb
ii  libc6           2.3.2.ds1-13   GNU C Library: Shared libraries an
ii  libpam-modules  0.76-21        Pluggable Authentication Modules f
ii  libpam-runtime  0.76-21        Runtime support for the PAM librar
ii  libpam0g        0.76-21        Pluggable Authentication Modules l
ii  libssl0.9.7     0.9.7d-3       SSL shared libraries
ii  libwrap0        7.6.dbs-4      Wietse Venema's TCP wrappers libra
ii  zlib1g          1:1.2.1.1-3    compression library - runtime

-- debconf information excluded
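
Added example (not part of the bug report, and not OpenSSH code): a small Python audit of authorized_keys lines that reports what the two options discussed above allow, following the quoted manpage text. The function names, result labels and sample lines are constructed for illustration, and only protocol 2 key types are assumed.

```python
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # assumption: protocol 2 public keys only

def split_options(line):
    """Return the options field of one authorized_keys line as a list."""
    if line.startswith(KEY_TYPES):
        return []                      # no options field on this line
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and quoted and line[i + 1:i + 2] == '"':
            cur += '"'                 # escaped quote inside a quoted value
            i += 2
            continue
        if ch == '"':
            quoted = not quoted        # quotes delimit a value; drop them
        elif ch == "," and not quoted:
            opts.append(cur)
            cur = ""
        elif ch in " \t" and not quoted:
            break                      # unquoted whitespace ends the options
        else:
            cur += ch
        i += 1
    return opts + [cur]

def forwarding_policy(line):
    """Classify the TCP forwarding allowed by the options on one key line."""
    opts = split_options(line.strip())
    names = {o.split("=", 1)[0].lower() for o in opts}
    targets = [o.split("=", 1)[1] for o in opts if o.lower().startswith("permitopen=")]
    if "no-port-forwarding" in names:
        return ("disabled", [])        # manpage: forbids TCP/IP forwarding
    if "" in targets:
        return ("invalid-empty-permitopen", targets)  # form the report says sshd rejects
    if targets:
        return ("local-limited", targets)  # manpage: limits local `ssh -L' forwarding
    return ("unrestricted", [])

SAMPLE = [  # constructed authorized_keys lines; key material is a placeholder
    'no-port-forwarding,command="/usr/bin/rsync --server" ssh-rsa AAAAEXAMPLE backup',
    'permitopen="192.0.2.10:5432",permitopen="192.0.2.11:5432" ssh-rsa AAAAEXAMPLE db',
    'permitopen="" ssh-rsa AAAAEXAMPLE typo',
    'ssh-rsa AAAAEXAMPLE admin',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(forwarding_policy(entry)[0], "<-", entry)
```

A key line classified as "unrestricted" carries neither option, which is the case an administrator reviewing restricted-purpose keys would want to look at first.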

