From unknown Fri Jun 20 07:17:02 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#32264 <32264@debbugs.gnu.org>
To: bug#32264 <32264@debbugs.gnu.org>
Subject: Status: openssh forwarding options
Reply-To: bug#32264 <32264@debbugs.gnu.org>
Date: Fri, 20 Jun 2025 14:17:02 +0000

retitle 32264 openssh forwarding options
reassign 32264 guix-patches
submitter 32264 Eric Brown <brown@fastmail.com>
severity 32264 normal

thanks


From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 24 18:54:54 2018
Received: (at submit) by debbugs.gnu.org; 24 Jul 2018 22:54:54 +0000
Received: from localhost ([127.0.0.1]:55853 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fi6Ci-0002fq-Eu
	for submit@debbugs.gnu.org; Tue, 24 Jul 2018 18:54:54 -0400
Received: from eggs.gnu.org ([208.118.235.92]:48242)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <brown@fastmail.com>) id 1fi6Cg-0002fa-F8
 for submit@debbugs.gnu.org; Tue, 24 Jul 2018 18:54:50 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <brown@fastmail.com>) id 1fi6Ca-000611-AY
 for submit@debbugs.gnu.org; Tue, 24 Jul 2018 18:54:45 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
 T_DKIM_INVALID autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:46715)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <brown@fastmail.com>) id 1fi6Ca-00060Y-5r
 for submit@debbugs.gnu.org; Tue, 24 Jul 2018 18:54:44 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:39153)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <brown@fastmail.com>) id 1fi6CV-0001io-5V
 for guix-patches@gnu.org; Tue, 24 Jul 2018 18:54:43 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <brown@fastmail.com>) id 1fi6CS-0005ue-1s
 for guix-patches@gnu.org; Tue, 24 Jul 2018 18:54:39 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:43183)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <brown@fastmail.com>) id 1fi6CR-0005sN-O6
 for guix-patches@gnu.org; Tue, 24 Jul 2018 18:54:35 -0400
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47])
 by mailout.nyi.internal (Postfix) with ESMTP id E674921924
 for <guix-patches@gnu.org>; Tue, 24 Jul 2018 18:54:33 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute7.internal (MEProxy); Tue, 24 Jul 2018 18:54:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h=
 content-type:date:from:message-id:mime-version:subject:to
 :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=Dgu9SJaJscM8Ns+KW
 2yJyoNCbi+aRzwNpyxUAqPciw4=; b=Dfd5H7cCHx4RBKxRoIky2Jc4B1VJXSQ8d
 nhv1OGLoNiBzGafLkEQMcFIiesa3DeySgfb09zTGfCvR5ezMqgSinxJJpf0aeKvN
 7gi4OTlZXzB9jlH+fe/tQMHaGGQK2ojoQMyxoF6c9VeGIsJd2QqE5Unh7CDgySEZ
 cFNueGiUnZ80yHO9tr9iWk3/Tlk5u0gA3Rq+QBp3uwkalpvP7jsIOxoUrm/6IH0l
 z268aOrXQDvDZ2mozbcqMtCAusgGRgVVpX3jXeWBhqhUKvIcl96cmR0t0Ej9MBOz
 HcjAVg7wF/LFfhO03RRWocPtbGXikShJ0BIrp7wU4K7n8ZDDJyoww==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=content-type:date:from:message-id
 :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=
 fm3; bh=Dgu9SJaJscM8Ns+KW2yJyoNCbi+aRzwNpyxUAqPciw4=; b=RHN0tWRX
 WKtzHfYJJ1HCWY0QoGxYO/UxDocUhJBNmH0KkuIbItNlPYcrrRxwfzi3s6DfLGlY
 0WNT75Nm758/JfR/Y3ZNslzQYSj+D+gPnL8JwHSDbwH3ZbehrPzQS+2sJ9fQpsaA
 QlWpaRLmUKOBfgpa+RhY0tdOZdNNJf6E6yhImnh8rS97DhwywK1wf9gkCbJLVaFW
 Nd591kWddBouivs5tCcSF3dpFb+s/DyZB8oSXEYBaqmAyKixj6hyWe7bxRDMLwlB
 jJT59QPg5rL09FWNPlRvuIy4+1XVYq8neVNSZahHPffnTR3IsNdqxwqQLBdLp3uO
 c/xZybqFh77ezQ==
X-ME-Proxy: <xmx:Ka5XW1NphOZopAR91QG_On1SdjZhzPTzte2exhf1fqpYhq3Z1KjJbQ>
 <xmx:Ka5XW9V9cLfLpgK0uyZF7gAxyBbsO0aaK5U4VhjZzjAqhZ71Iw8Zkg>
 <xmx:Ka5XW0fYe_0CPtaJ0-i4s-xZSvPHxPacdEj4jfBl1HkeA7VCUdyCow>
 <xmx:Ka5XWxtzkci3i146iDByIQC7NItj_lQW1Y9pUL3nSlmaFMhiVxjrPQ>
 <xmx:Ka5XW79u3R9cuFoHiPc6k86ZfhwKBlfJyZfzDBkGYC0V4pVqpIETUg>
 <xmx:Ka5XWzV1U2AQEDuzpx7Uf5dEVehBh1kvs165326WxtUg9vcADh9e9A>
X-ME-Sender: <xms:Ka5XW1_N2bPDA9-9GfBn8w1H7dzZoaD1g5bLDgWeDznCttW6ty9LCg>
Received: from localhost (c-98-226-192-215.hsd1.il.comcast.net
 [98.226.192.215])
 by mail.messagingengine.com (Postfix) with ESMTPA id 6D02DE4534
 for <guix-patches@gnu.org>; Tue, 24 Jul 2018 18:54:33 -0400 (EDT)
From: Eric Brown <brown@fastmail.com>
To: guix-patches@gnu.org
Subject: openssh forwarding options
Date: Tue, 24 Jul 2018 17:54:32 -0500
Message-ID: <878t60tfbr.fsf@fastmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
 [fuzzy]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.3 (----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.3 (-----)

--=-=-=
Content-Type: text/plain

Please find attached a patch that enables the configuration of some of
openssh's forwarding options.

These changes are based off of the existing x11-forwarding? option that
already exists in ssh.scm.

Also, I have added some documentation for these options.


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
 filename=0001-gnu-services-Add-forwarding-options-to-openssh.patch

>From f2c0c2387b2dcc4ce092c31a5a024565e4adbb50 Mon Sep 17 00:00:00 2001
From: Eric Brown <brown@fastmail.com>
Date: Tue, 24 Jul 2018 16:19:40 -0500
Subject: [PATCH] gnu: services: Add forwarding options to openssh.

* gnu/services/ssh.scm (openssh): Add forwarding options to openssh.
---
 doc/guix.texi        |  9 +++++++++
 gnu/services/ssh.scm | 22 ++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 84347d156..0341ea29f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -11634,6 +11634,15 @@ When true, forwarding of X11 graphical client connections is
 enabled---in other words, @command{ssh} options @option{-X} and
 @option{-Y} will work.
 
+@item @code{allow-agent-forwarding?} (default: @code{#t})
+Whether to allow agent forwarding.
+
+@item @code{allow-tcp-forwarding?} (default: @code{#t})
+Whether to allow TCP forwarding.
+
+@item @code{gateway-ports?} (default: @code{#f})
+Whether to allow gateway ports.
+
 @item @code{challenge-response-authentication?} (default: @code{#f})
 Specifies whether challenge response authentication is allowed (e.g. via
 PAM).
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index f158fdf01..dd96ad6ae 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -289,6 +289,19 @@ The other options should be self-descriptive."
   ;; Boolean
   (x11-forwarding?       openssh-configuration-x11-forwarding?
                          (default #f))
+
+  ;; Boolean
+  (allow-agent-forwarding? openssh-configuration-allow-agent-forwarding?
+                           (default #t))
+
+  ;; Boolean
+  (allow-tcp-forwarding? openssh-configuration-allow-tcp-forwarding?
+                         (default #t))
+
+  ;; Boolean
+  (gateway-ports? openssh-configuration-gateway-ports?
+                         (default #f))
+
   ;; Boolean
   (challenge-response-authentication? openssh-challenge-response-authentication?
                                       (default #f))
@@ -418,6 +431,15 @@ of user-name/file-like tuples."
            (format port "X11Forwarding ~a\n"
                    #$(if (openssh-configuration-x11-forwarding? config)
                          "yes" "no"))
+           (format port "AllowAgentForwarding ~a\n"
+                   #$(if (openssh-configuration-allow-agent-forwarding? config)
+                         "yes" "no"))
+           (format port "AllowTcpForwarding ~a\n"
+                   #$(if (openssh-configuration-allow-tcp-forwarding? config)
+                         "yes" "no"))
+           (format port "GatewayPorts ~a\n"
+                   #$(if (openssh-configuration-gateway-ports? config)
+                         "yes" "no"))
            (format port "PidFile ~a\n"
                    #$(openssh-configuration-pid-file config))
            (format port "ChallengeResponseAuthentication ~a\n"
-- 
2.18.0


--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Sun Jul 29 10:05:37 2018
Received: (at 32264-done) by debbugs.gnu.org; 29 Jul 2018 14:05:37 +0000
Received: from localhost ([127.0.0.1]:33956 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fjmKH-0005vq-HE
	for submit@debbugs.gnu.org; Sun, 29 Jul 2018 10:05:37 -0400
Received: from eggs.gnu.org ([208.118.235.92]:43137)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1fjmKG-0005ve-5z
 for 32264-done@debbugs.gnu.org; Sun, 29 Jul 2018 10:05:36 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1fjmKA-0001tz-A4
 for 32264-done@debbugs.gnu.org; Sun, 29 Jul 2018 10:05:31 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled
 version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:40332)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1fjmKA-0001tn-5y; Sun, 29 Jul 2018 10:05:30 -0400
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=48240 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1fjmK9-0003ve-9P; Sun, 29 Jul 2018 10:05:29 -0400
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Eric Brown <brown@fastmail.com>
Subject: Re: [bug#32264] openssh forwarding options
References: <878t60tfbr.fsf@fastmail.com>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 11 Thermidor an 226 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Sun, 29 Jul 2018 16:05:28 +0200
In-Reply-To: <878t60tfbr.fsf@fastmail.com> (Eric Brown's message of "Tue, 24
 Jul 2018 17:54:32 -0500")
Message-ID: <87d0v6f87r.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 32264-done
Cc: 32264-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -6.0 (------)

Hello,

Eric Brown <brown@fastmail.com> skribis:

> From f2c0c2387b2dcc4ce092c31a5a024565e4adbb50 Mon Sep 17 00:00:00 2001
> From: Eric Brown <brown@fastmail.com>
> Date: Tue, 24 Jul 2018 16:19:40 -0500
> Subject: [PATCH] gnu: services: Add forwarding options to openssh.
>
> * gnu/services/ssh.scm (openssh): Add forwarding options to openssh.

I adjusted the commit log to mention all the changes and committed.

Thank you!

Ludo=E2=80=99.




From unknown Fri Jun 20 07:17:02 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Mon, 27 Aug 2018 11:24:05 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator