upstream commit Add a sshd_config DisableForwaring option that disables X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as anything else we might implement in the future. This, like the 'restrict' authorized_keys flag, is intended to be a simple and future-proof way of restricting an account. Suggested as a complement to 'restrict' by Jann Horn; ok markus@ Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7

commit: 7844f357cdd90530eec81340847783f1f1da010b [log] [tgz]
author: djm@openbsd.org <djm@openbsd.org> Wed Nov 30 03:00:05 2016 +0000
committer: Damien Miller <djm@mindrot.org> Wed Nov 30 19:44:01 2016 +1100
tree: a31f2189df130942f72eb0ea936fbbe9a70f0f65
parent: fd6dcef2030d23c43f986d26979f84619c10589d [diff] [blame]
diff --git a/servconf.h b/servconf.h
index 8af460f..5853a97 100644
--- a/servconf.h
+++ b/servconf.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.122 2016/08/19 03:18:06 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.123 2016/11/30 03:00:05 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -125,6 +125,7 @@
 	int	allow_tcp_forwarding; /* One of FORWARD_* */
 	int	allow_streamlocal_forwarding; /* One of FORWARD_* */
 	int	allow_agent_forwarding;
+	int	disable_forwarding;
 	u_int num_allow_users;
 	char   *allow_users[MAX_ALLOW_USERS];
 	u_int num_deny_users;
commit	7844f357cdd90530eec81340847783f1f1da010b	[log] [tgz]
author	djm@openbsd.org <djm@openbsd.org>	Wed Nov 30 03:00:05 2016 +0000
committer	Damien Miller <djm@mindrot.org>	Wed Nov 30 19:44:01 2016 +1100
tree	a31f2189df130942f72eb0ea936fbbe9a70f0f65
parent	fd6dcef2030d23c43f986d26979f84619c10589d [diff] [blame]