
I have a special user on my server, let's call it foo. I use it only for port forwarding.

The user's .ssh/authorized_keys2 is set up to prevent login and to open only a specific port:

no-pty,no-X11-forwarding,permitopen="localhost:4000",\
command="/bin/echo do-not-send-commands" ssh-rsa <long public key> bar@foobar

Additionally, the foo user has its shell set to /bin/false in /etc/passwd.

I can't log onto the machine (that's what I want):

$ ssh foo@remote
PTY allocation request failed on channel 0
Connection to remote closed.

But I can open ports. Interestingly, I can open port 4000, but also other unprivileged ports:

$ ssh -N -R 4001:localhost:22 foo@remote
> # connection established

On remote with user bar, I can connect:

$ ssh -p4001 bar@localhost
bar@localhost's password:
Last login: Fri Sep 26 09:23:45 2014 from localhost.localdomain
...

Why can user foo open port 4001, when I limited it to permitopen="localhost:4000"?

Sebastian

1 Answer


Ah, re-reading the manual reveals the cause:

permitopen="host:port"
    Limit local ``ssh -L'' port forwarding....

Also mentioned in this U&L Q&A titled "How can I limit ssh remote port forwarding?".

Sebastian
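The answer above boils down to: permitopen= only constrains what a -L forward may connect to, so a -R listener is untouched. As an added example (not from the original post), here is a small POSIX sh audit of an authorized_keys line that reports which forwarding directions it actually restricts, plus a hardened variant that adds permitlisten= (available since OpenSSH 7.8) so the user can only bind the one remote port too. The sample line and key material are constructed, and sed -E is assumed to be available.

```shell
#!/bin/sh
# Added example, not code from the question or answer above.
# permitopen= limits local (-L) forwarding targets only; remote (-R)
# listeners need permitlisten= (OpenSSH 7.8+) or AllowTcpForwarding in sshd_config.

# Constructed sample line mirroring the question (key shortened, not a real key).
SAMPLE_LINE='no-pty,no-X11-forwarding,permitopen="localhost:4000",command="/bin/echo do-not-send-commands" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0 bar@foobar'

# Print the options field (everything before the key type). The greedy match
# keeps spaces inside quoted options such as command="...".
key_options() {
    case "$1" in
        ssh-*|ecdsa-*) printf '\n' ;;   # no options field at all
        *) printf '%s\n' "$1" | sed -E 's/^(.*) (ssh-[a-z0-9-]+|ecdsa-[a-z0-9-]+) .*$/\1/' ;;
    esac
}

# Exit 0 if the options switch off TCP forwarding entirely
# (no-port-forwarding, or restrict without a later port-forwarding).
forwarding_disabled() {
    opts=",$(key_options "$1"),"
    case "$opts" in *,no-port-forwarding,*) return 0 ;; esac
    case "$opts" in
        *,restrict,*) case "$opts" in *,port-forwarding,*) return 1 ;; *) return 0 ;; esac ;;
    esac
    return 1
}

# Report which directions are restricted: "local=<yes|no> remote=<yes|no>".
audit_forwarding() {
    opts=",$(key_options "$1"),"
    local_r=no; remote_r=no
    if forwarding_disabled "$1"; then
        local_r=yes; remote_r=yes
    else
        case "$opts" in *,permitopen=*) local_r=yes ;; esac      # only -L targets
        case "$opts" in *,permitlisten=*) remote_r=yes ;; esac   # only -R listeners
    fi
    printf 'local=%s remote=%s\n' "$local_r" "$remote_r"
}

# Hardened form for the question's setup: keep permitopen for -L and add a
# matching permitlisten so foo may only bind that one port with -R as well.
harden_line() {
    printf '%s\n' "$1" | sed -E 's/permitopen="([^"]*)"/permitopen="\1",permitlisten="\1"/'
}

audit_forwarding "$SAMPLE_LINE"
audit_forwarding "$(harden_line "$SAMPLE_LINE")"
```

Running it on the question's line prints local=yes remote=no, which is exactly why the -R 4001 forward succeeded.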