How can I stop users being able to access services bound to localhost via SSH port forwarding?
Mar 15, 2026
Problem
I want to be able to offer SSH accounts on my Linux server for people to be able to use for SSH tunnelling. All accounts will be locked down with no interactive shell, for tunnelling / port forwarding purposes only. My problem is that I don't want them to be able to access services that are bound t…
Error Output
ssh account@server -L 9999:127.0.0.1:3306 & telnet localhost 9999
1 Fix
Fix for: How can I stop users being able to access services bound to localhost via SSH port forwarding?
I haven't tried it myself, but the and options for rules appears to let you restrict connections based on UID and GID. In other words, specific users can be prevented from making outbound connections on a given interface. So maybe something like thi…
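One way to apply the per-user restriction the answer describes, as an added example that is not part of the original post. It assumes the options meant are iptables' owner match (`-m owner --uid-owner`); the chain name `TUNNEL_LO` and the account names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Prints iptables/ip6tables
# commands that keep tunnel-only accounts off loopback-bound services.
# sshd opens each forwarded connection from a process running as the
# logged-in user, so the owner match in OUTPUT sees that account's UID.
# Assumptions: chain name TUNNEL_LO and all account names are hypothetical.

CHAIN="TUNNEL_LO"

# usage: tunnel_lo_rules USER [USER...] [-- ALLOWED_TCP_PORT...]
# Ports listed after "--" are local services the accounts may still reach.
# Review the output, then pipe it to `sh` as root. Safe to re-run.
tunnel_lo_rules() (          # subshell body keeps variables local
    users=""
    while [ $# -gt 0 ] && [ "$1" != "--" ]; do
        case "$1" in
            ''|[!a-z_]*|*[!a-z0-9_-]*) echo "bad user: $1" >&2; exit 1 ;;
        esac
        users="$users $1"; shift
    done
    [ -n "$users" ] || { echo "no users given" >&2; exit 1; }
    if [ $# -gt 0 ]; then shift; fi          # drop the "--"
    for p in "$@"; do
        case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; exit 1 ;; esac
        { [ "$p" -ge 1 ] && [ "$p" -le 65535 ]; } ||
            { echo "bad port: $p" >&2; exit 1; }
    done
    # "-L 9999:localhost:3306" may resolve to ::1, so emit IPv6 rules too.
    for ipt in iptables ip6tables; do
        echo "$ipt -N $CHAIN 2>/dev/null || $ipt -F $CHAIN"
        for p in "$@"; do
            echo "$ipt -A $CHAIN -p tcp --dport $p -j ACCEPT"
        done
        echo "$ipt -A $CHAIN -j REJECT"
        # Packets to any of the host's own addresses leave via lo, so
        # "-o lo" also covers forwards aimed at the server's public IP.
        for u in $users; do
            rule="OUTPUT -o lo -m owner --uid-owner $u -j $CHAIN"
            echo "$ipt -C $rule 2>/dev/null || $ipt -A $rule"
        done
    done
)
```

If the server resolves names through a stub resolver listening on loopback, forwards to hostnames made by these accounts will fail to resolve under these rules unless DNS to that resolver is permitted separately.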