0

When I start an ssh SOCKS5 proxy like this: ssh user@localhost -D 0.0.0.0:1080, it allows anyone to connect to localhost, e.g. curl --socks5 server.com localhost:12345, which can be a security issue for services that consider connections from localhost to be safe and ask for no authentication (there are plenty of examples).

The question is: how can I forbid ssh from connecting to localhost on behalf of SOCKS5 clients?

igor
  • 173

1 Answer

2

The ssh SOCKS implementation doesn't have many features. I'd use a more robust SOCKS proxy.

However, you can use iptables to accomplish this. Something like:

# The owner match is only valid in the OUTPUT and POSTROUTING chains, so match on -o lo there
iptables -A OUTPUT -o lo -m owner --uid-owner userid -j REJECT
Mark Wagner
  • 18,428
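Added example, not part of the answer above: a shell script that prints, and with --apply installs, the loopback block for both IPv4 and IPv6, since localhost also resolves to ::1 and iptables rules cover IPv4 only. It assumes the proxy logs in with a dedicated account (given as the first argument), distinct from the account that runs the ssh client, because the rule would otherwise also cut that client's own connection to localhost:22.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# Usage: sh script <account> [--apply]   (<account> = login used only for the proxy)

# Print one rule per address family for a numeric uid.
# ssh -D forwards TCP only, so only TCP is rejected; UDP lookups to a local
# DNS stub resolver keep working for that account.
plan_rules() {
    uid=$1
    case $uid in
        ''|*[!0-9]*) echo "plan_rules: numeric uid required" >&2; return 1 ;;
    esac
    for ipt in iptables ip6tables; do
        # owner match is valid only in OUTPUT/POSTROUTING, hence -o lo (not -i lo).
        # Traffic to the host's own non-loopback addresses also leaves via lo.
        echo "$ipt -A OUTPUT -o lo -p tcp -m owner --uid-owner $uid -j REJECT --reject-with tcp-reset"
    done
}

# Install the planned rules (root required). -C tests whether the rule is
# already present, so running this twice does not duplicate it.
apply_rules() {
    rules=$(plan_rules "$1") || return 1
    echo "$rules" | while read -r ipt _append rule; do
        # Word splitting of $rule is intended: it holds the rule arguments.
        "$ipt" -C $rule 2>/dev/null || "$ipt" -A $rule
    done
}

if [ "$#" -gt 0 ]; then
    # Resolve the account name to a uid; fails if the account does not exist.
    uid=$(id -u "$1") || exit 1
    if [ "${2:-}" = "--apply" ]; then
        apply_rules "$uid"
    else
        plan_rules "$uid"
    fi
fi
```

Without --apply the script only prints the commands, so the plan can be reviewed before anything is changed.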