Added permitopen option to authorized_keys

It is now possible to limit local port forwarding to specified destination(s) by using the permitopen option in authorized_keys. Resolves #181
2025-06-26 18:17:32 +00:00 · 2022-07-07 11:37:31 +03:00
parent 808bc392a0
commit 1e4d64d300
4 changed files with 107 additions and 0 deletions
--- a/dropbear.8
+++ b/dropbear.8
@@ -144,6 +144,14 @@ same functionality with other means even if no-pty is set.
 .B restrict
 Applies all the no- restrictions listed above.

+.TP
+.B permitopen=\fR"\fIhost:port\fR"
+Restrict local port forwarding so that connection is allowed only to the
+specified host and port. Multiple permitopen options separated by commas
+can be set in authorized_keys. Wildcard character ('*') may be used in
+port specification for matching any port. Hosts must be literal domain names or
+IP addresses.
+
 .TP
 .B command=\fR"\fIforced_command\fR"
 Disregard the command provided by the user and always run \fIforced_command\fR.