Comments (1)
zack-vii
commented on September 25, 2024
this would be possible but towards your issue it seems to be possible to forward port to a file instead (under linux-like os').
[source chatGPT]
Yes, it is possible to restrict a locally forwarded port to the current user on a Unix-like operating system (such as Linux or macOS) by utilizing the file system's permissions and network configuration. This can help prevent other users on the same machine from accessing a tunnel port set up by another user.
Here's a step-by-step guide on how to achieve this:
Choose a Port: Decide on a port number that will be used for your local port forwarding. Let's assume you want to forward port 8080.
Create a Specific Directory: Create a directory to store configuration files and sockets related to your port forwarding. For example:
bash
mkdir ~/.local_forwarding
Set Permissions: Ensure that only your user has access to this directory. You can do this by changing the directory's permissions:
bash
chmod 700 ~/.local_forwarding
Forward the Port: When forwarding the port, specify a Unix socket in your specific directory:
bash
ssh -L ~/.local_forwarding/forwarded_socket:/localhost:8080 user@remote_host
This command forwards port 8080 on the remote host to the Unix socket ~/.local_forwarding/forwarded_socket on your local machine.
Restrict Access: To prevent other users from accessing the Unix socket, you should make sure that your user is the only one with read and write permissions to the socket file:
bash
chmod 600 ~/.local_forwarding/forwarded_socket
Inform the Application: If you are using an application that connects to the forwarded port (e.g., a web browser), configure it to use the Unix socket path instead of the traditional host and port. For example, in a web browser, you might enter unix:~/.local_forwarding/forwarded_socket as the proxy server.
By using Unix sockets and setting strict file permissions, you can restrict access to the locally forwarded port to your user only. Other users on the same machine should not have access to this socket, thereby preventing them from accessing the tunnel port set up by another user.
It should be possible to use the tunnel protocol to gain access to that port. we could provide a default tunnel for this kind of forwarding.
from mdsplus.
Related Issues (20)
- Is it possible to limit the amount of concurrent connections of a specific user HOT 3
- Have TCL's `show version` command also display the build date HOT 1
- In `tdi/RfxDevices/DIO2` initialization, remove the flag that triggers a TDI `abort()` on a failed connection HOT 1
- Error reporting when using function mdsvalue in Matlab which version——stable_release-7-142-80 HOT 14
- Source repo contains obsolete public key for RPM packages HOT 2
- Wrong number of child nodes in python TreeNode.getChildren()
- add timestamps, client ip & name, pid to mdsip error logs, equivalent to "access" logs HOT 1
- assign priorities to incoming mdsip connections HOT 1
- intermittent failure to connect to MDSplus server HOT 2
- enable linking MDSplus to custom python conda environments, and NOT system-wide python HOT 2
- errors importing MDSplus with numpy 2.x HOT 1
- Stable 7.142.80, Windows: server does not accept incoming conenctions (Attempting to duplicate socket from pid 8660 socket 380) HOT 7
- Source code has outdated MIT License, so eventually should replace with current MIT License HOT 1
- RHEL manual builds done locally (not on build server) fail because incorrectly expects an RPM signing key HOT 1
- Existing MATLAB scripts are broken by changes in class/type caused by APD changes.
- Make `mdsip` logging compatible with the automatic log management features provided by the operating system HOT 1
- Python documentation on mdsplus.org broken. HOT 5
- Uninstalling MDSplus on RHEL systems fails to remove the MDSplus signing key from RPM's key manager HOT 2
- Error installing `mdsplus-python` package on RHEL7
- another trouble with numpy 2.x
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mdsplus.