diff options
author | djm@openbsd.org <djm@openbsd.org> | 2016-11-30 03:00:05 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-11-30 19:44:01 +1100 |
commit | 7844f357cdd90530eec81340847783f1f1da010b (patch) | |
tree | a31f2189df130942f72eb0ea936fbbe9a70f0f65 /servconf.h | |
parent | fd6dcef2030d23c43f986d26979f84619c10589d (diff) |
upstream commit
Add a sshd_config DisableForwaring option that disables
X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
anything else we might implement in the future.
This, like the 'restrict' authorized_keys flag, is intended to be a
simple and future-proof way of restricting an account. Suggested as
a complement to 'restrict' by Jann Horn; ok markus@
Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
Diffstat (limited to 'servconf.h')
-rw-r--r-- | servconf.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/servconf.h b/servconf.h index 8af460f5a..5853a9747 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: servconf.h,v 1.122 2016/08/19 03:18:06 djm Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.123 2016/11/30 03:00:05 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -125,6 +125,7 @@ typedef struct { | |||
125 | int allow_tcp_forwarding; /* One of FORWARD_* */ | 125 | int allow_tcp_forwarding; /* One of FORWARD_* */ |
126 | int allow_streamlocal_forwarding; /* One of FORWARD_* */ | 126 | int allow_streamlocal_forwarding; /* One of FORWARD_* */ |
127 | int allow_agent_forwarding; | 127 | int allow_agent_forwarding; |
128 | int disable_forwarding; | ||
128 | u_int num_allow_users; | 129 | u_int num_allow_users; |
129 | char *allow_users[MAX_ALLOW_USERS]; | 130 | char *allow_users[MAX_ALLOW_USERS]; |
130 | u_int num_deny_users; | 131 | u_int num_deny_users; |