--- "Turner, Carl H [NTNTK
wrote:
> OpenSSH.9 server (packaged by HP - HP-UX Secure
> Shell-A.03.91.002) /
> PuTTY.56 client / DSA024 key...
>
> Any reason why a tunneled port would work when I use
> password auth and
> not work when I use public/private keys for auth?
> The use of a key doesn't seem to make a difference
> when using an OpenSSH client, only with
> PuTTY. Here's a snapshot of the
> log file dumped by
> PuTTY
>

Absolutely possible!
In fact this is often used to prevent unauthorized
port redirects. But in order for it to be effective,
you must prohibit password authentication and only
permit key authentication.
At the beginning of the entry in the authorized_keys
file, you would have:

permitopen="127.0.0.1:80"

So, the first part of the key entry in authorized_keys
would be:

permitopen="127.0.0.1:80" ssh-dss AAAAABzNzaCWcHcBFLy...etc..

Then when the above owner of the key entry connects,
the only port redirect they'd be able to build would
be one where they try to get 127.0.0.1:80.

If they try other port redirects, they will get a
permission error.
Check what is in the authorized_keys file of the
target user@system.

This is described in section 8 of the sshd man page.



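An added example, not part of the original message: a Python audit of the setup described in the reply above, reporting which authorized_keys entries carry permitopen and whether password authentication is still enabled. The function names, sample entries and placeholder key blobs are constructed for illustration, and the check goes slightly beyond the message by also counting no-port-forwarding and restrict as forwarding restrictions.

```python
import re

KEY_TYPES = ("ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-", "sk-")
OPT = r'[\w-]+(?:="(?:\\.|[^"\\])*")?'          # name or name="quoted value"

def split_options(line):
    """Return (options, rest) for one authorized_keys entry; options maps name -> [values]."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line                          # entry has no options field
    m = re.match(rf"({OPT}(?:,{OPT})*)\s+(.*)$", line)
    if not m:
        raise ValueError(f"unparseable entry: {line[:40]!r}")
    parsed = {}
    for name, value in re.findall(r'([\w-]+)(?:="((?:\\.|[^"\\])*)")?', m.group(1)):
        parsed.setdefault(name.lower(), []).append(value.replace('\\"', '"'))
    return parsed, m.group(2)

def audit(authorized_keys_text, sshd_config_text):
    """List forwarding-related findings (global sshd_config only, Match blocks ignored)."""
    findings = []
    m = re.search(r"^\s*PasswordAuthentication\s+(\S+)", sshd_config_text, re.I | re.M)
    if not m or m.group(1).lower() != "no":      # sshd's default is "yes"
        findings.append("password auth enabled: a password login skips per-key options")
    for n, line in enumerate(authorized_keys_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, _ = split_options(line)
        if "permitopen" in opts:
            findings.append(f"line {n}: forwards limited to {opts['permitopen']}")
        elif not opts.keys() & {"no-port-forwarding", "restrict"}:
            findings.append(f"line {n}: no forwarding restriction")
    return findings

# Constructed sample input; the key blobs are placeholders, not real keys.
SAMPLE_KEYS = '''permitopen="127.0.0.1:80" ssh-dss AAAAPLACEHOLDER1 web-tunnel
ssh-rsa AAAAPLACEHOLDER2 admin
no-port-forwarding,command="echo hi, there" ssh-rsa AAAAPLACEHOLDER3 batch
'''
SAMPLE_SSHD = "PasswordAuthentication yes\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_KEYS, SAMPLE_SSHD)))
```

Each authorized_keys entry must be a single line, so the option string and the key type sit on the same line in the sample.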