- dtucker@cvs.openbsd.org 2006/07/17 12:06:00

     [channels.c channels.h servconf.c sshd_config.5]
     Add PermitOpen directive to sshd_config which is equivalent to the
     "permitopen" key option.  Allows server admin to allow TCP port
     forwarding only two specific host/port pairs.  Useful when combined
     with Match.
     If permitopen is used in both sshd_config and a key option, both
     must allow a given connection before it will be permitted.
     Note that users can still use external forwarders such as netcat,
     so to be those must be controlled too for the limits to be effective.
     Feedback & ok djm@, man page corrections & ok jmc@.

1 files changed, 3 insertions, 1 deletions

diff --git a/channels.h b/channels.h
index d21319a2b..c473b730c 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.85 2006/07/11 18:50:47 markus Exp $ */
+/* $OpenBSD: channels.h,v 1.86 2006/07/17 12:06:00 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -207,7 +207,9 @@ int	 channel_find_open(void);
 void     channel_set_af(int af);
 void     channel_permit_all_opens(void);
 void     channel_add_permitted_opens(char *, int);
+void     channel_add_adm_permitted_opens(char *, int);
 void     channel_clear_permitted_opens(void);
+void     channel_clear_adm_permitted_opens(void);
 int      channel_input_port_forward_request(int, int);
 int      channel_connect_to(const char *, u_short);
 int      channel_connect_by_listen_address(u_short);