https://bugzilla.mindrot.org/show_bug.cgi?id=2038
--- Comment #8 from Martin Häcker <[email protected]> ---

I would like to add that we identified a possible security risk by not being able to restrict remote port forwarding.

Our use case is that we want to give one customer the ability to safely (via an ssh tunnel) access a service that is only accessible locally on a machine, but we noticed that if we allow him to locally (-L) forward a port, he can also use ssh to bind to any other port via -R.

The problem with this is that ssh by default is perfectly happy to bind to IPv6 addresses, even for ports where the IPv4 address is already bound (8080 for some web server, for example). Now other, more modern tools (e.g. Apache) could try to connect to the newly opened IPv6 port instead of the original service, if they are configured to use symbolic names like 'localhost'.

I don't think this is a big risk, but it was certainly very unexpected for us.
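The following sshd_config fragment is an added example for the use case in this comment, not configuration from the bug or from the OpenSSH project; the user name `customer`, the service address 127.0.0.1 and port 8080 are placeholders.

```sshd_config
# Before (the situation described in the comment): AllowTcpForwarding
# defaults to yes, so a user who is allowed to use -L can also use -R and
# listen on any free port on the server, including the IPv6 side of a port
# whose IPv4 side is already bound by a real service.
#
# After: restrict the placeholder account "customer" to client-side (-L)
# forwarding into one local service. Put this Match block after the global
# settings; keywords inside it apply only to matching connections, and
# sshd does not accept trailing comments on keyword lines.
Match User customer
    # Accept -L only; remote (-R) forwarding requests are refused.
    AllowTcpForwarding local
    # -L may only be pointed at this one local service (placeholder values).
    # sshd compares the host string literally, so the client must use this
    # exact host form in its -L argument.
    PermitOpen 127.0.0.1:8080
    # Defence in depth (OpenSSH 7.8 or later): even if remote forwarding were
    # re-enabled later, no listen address would be permitted for -R.
    PermitListen none
    # Any remote listener that did exist would stay on the loopback interface.
    GatewayPorts no
    # Close the other paths from this account into the host's network.
    PermitTunnel no
    AllowAgentForwarding no
    X11Forwarding no
```

Check the values sshd would actually apply to that account with `sshd -T -C user=customer`, which prints the effective configuration for the given connection parameters.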
