openssh-unix-dev October 2011 archive

Re: Restricting users using one port

From: Damien Miller <djm_at_nospam>
Date: Sun Oct 16 2011 - 21:06:57 GMT
To: Darren Tucker <>

On Mon, 17 Oct 2011, Darren Tucker wrote:

> It's feasible. The initial Match processing is done just after the
> client sends the username so both the local address and port are known
> and there should be no additional hooks needed.
> I'd suggest calling them LocalAddress and LocalPort (or ServerAddress
> and ServerPort) though.
> Attached are two patches: openssh-match-struct.patch
> which moves the items that are checked to a struct, and
> openssh-match-localaddrport.patch which implements the requested
> functionality. (You only need the latter to try it, the former is just
> for review).

I like this, but I prefer LocalAddress/LocalPort over
ListenAddress/ListenPort. Instead of adding another global, perhaps you
could add a canohost.c function that returns a (cached) ConnectionInfo?
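
The idea discussed in this thread, as an added example that is not code from the patches or from OpenSSH: a server reads the local address and port of an accepted connection with `getsockname()`, caches the result, and checks it against LocalAddress/LocalPort-style criteria. The names `conn_info`, `get_conn_info`, `match_local` and `loopback_accept` are hypothetical, and the code assumes IPv4 only.

```c
/* Added example, not OpenSSH code; every name is hypothetical. IPv4 only. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

struct conn_info { char laddr[INET_ADDRSTRLEN]; int lport; };
/* Cached lookup of an accepted socket's local endpoint (reset on close() in real code). */
const struct conn_info *get_conn_info(int fd) {
    static struct conn_info ci;
    static int cached_fd = -1;
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    if (fd >= 0 && fd == cached_fd) return &ci;
    cached_fd = -1; /* a failed lookup leaves nothing cached */
    if (getsockname(fd, (struct sockaddr *)&sa, &len) != 0 || sa.sin_family != AF_INET)
        return NULL; /* unknown local endpoint: callers must not match */
    if (!inet_ntop(AF_INET, &sa.sin_addr, ci.laddr, sizeof(ci.laddr))) return NULL;
    ci.lport = ntohs(sa.sin_port);
    cached_fd = fd;
    return &ci;
}

/* 1 only if every set criterion matches; addr NULL or port <= 0 means unset. */
int match_local(const struct conn_info *ci, const char *addr, int port) {
    if (ci == NULL || (addr != NULL && strcmp(ci->laddr, addr) != 0)) return 0;
    return port <= 0 || ci->lport == port;
}

/* Demo setup only: accept one loopback connection on a kernel-chosen port. */
int loopback_accept(int *port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof(sa);
    int afd = -1, l = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0);
    if (bind(l, (struct sockaddr *)&sa, sizeof(sa)) == 0 && listen(l, 1) == 0 &&
        getsockname(l, (struct sockaddr *)&sa, &len) == 0 &&
        connect(c, (struct sockaddr *)&sa, sizeof(sa)) == 0)
        afd = accept(l, NULL, NULL);
    *port = ntohs(sa.sin_port);
    close(l);
    close(c);
    return afd;
}

int main(void) {
    int port, fd = loopback_accept(&port);
    return match_local(get_conn_info(fd), "127.0.0.1", port) ? 0 : 1;
}
```

A lookup that fails returns NULL and `match_local` treats that as no match, so a rule keyed on the local endpoint is never applied to a connection whose endpoint could not be determined.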
