Allow Port Forwarding to restrict access to localhost (security)
Currently, Port Forwarding allows both the phone and anyone with the phone's IP to tunnel through SSH to the destination address. While this may be desirable in some circumstances, in most, it opens a security hole through a pre-secured tunnel into the destination network/host.
I would suggest that the default be to restrict access to the localhost, but give us a tickbox on the port forwarding setup page with the option to "Allow access other than localhost" for those that really do want that (unsafe) behavior. For example, if the endpoint is secured by other means.
If it helps, SSH on OSX (FreeBSD and others) already does this by specifying localhost before the local port number being mapped. However, there is not an option to input anything other than numerals in the local port on your iOS app though. (I though to try that first)
1 commentComments are closed
Currently, if I forward a local port in Termius, then *any* host that can connect to my iPad/iPhone (including the wide open Internet at certain places).
Could you please add the ability to restrict this the port binding to localhost only?
The Openssh client defaults to this behavior, as one typically doesn't want the Internet to access one's private resources.