Server-Side Configuration for SSH Port Forwarding
The AllowTcpForwarding option in the OpenSSH server configuration file must be enabled on the server to allow port forwarding. By default, forwarding is allowed. Possible values for this option are
Another option of interest is AllowStreamLocalForwarding, which can be used to forward Unix domain sockets. It allows the same values as AllowTcpForwarding. The default is yes.
For example:
AllowTcpForwarding remote
AllowStreamLocalForwarding no
The GatewayPorts configuration option also affects remote port forwardings. Possible values were
- yes or all to allow all TCP forwarding,
- no to prevent all TCP forwarding,
- local to allow local forwardings, and
- remote to allow remote forwardings.
Another option of interest is AllowStreamLocalForwarding, which can be used to forward Unix domain sockets. It allows the same values as AllowTcpForwarding. The default is yes.
For example:
AllowTcpForwarding remote
AllowStreamLocalForwarding no
The GatewayPorts configuration option also affects remote port forwardings. Possible values were
- no (only local connections from server host allowed; default),
- yes (anyone on the Internet can connect to remote forwarded ports),
- clientspecified (client can specify an IP address that can connect, anyone can if not specified).
Comments
Post a Comment