Peter Moody
2016-07-19 03:05:12 UTC
I have a need to be able to permit ssh proxying to any host in prod,
but only permit arbitrary ssh port forwards to a very small set of
hosts. With the current PermitOpen config syntax, I can only specify a
wildcard in the port field, but I would like to be able to add
something like the following on my production jumphosts:
PermitOpen *:22 special-forwarding-gateway:*
the attached patch implements this functionality in the most basic way
possible. It's possible people may want fancier filtering (CIDR based,
or *.corp.foo.com), I could add that too if you'd prefer.
Let me know what sort of CLA you need to have signed. I've gotten the
go-ahead from our legal folks to submit this.
Cheers,
peter
but only permit arbitrary ssh port forwards to a very small set of
hosts. With the current PermitOpen config syntax, I can only specify a
wildcard in the port field, but I would like to be able to add
something like the following on my production jumphosts:
PermitOpen *:22 special-forwarding-gateway:*
the attached patch implements this functionality in the most basic way
possible. It's possible people may want fancier filtering (CIDR based,
or *.corp.foo.com), I could add that too if you'd prefer.
Let me know what sort of CLA you need to have signed. I've gotten the
go-ahead from our legal folks to submit this.
Cheers,
peter