I have a server that needs to accept incoming SSH connections with port forwarding. The incoming clients request a port forward from a port on the server to a port locally. They authenticate using a public/private key. So, on the client end, -R 40001:localhost:8443 is used to enable the server to connect to its own port 40001 and access an application on the client's port 8443.
How do I restrict the server so that this specific user can only forward port 40001 and no other port? I've looked at permitopen, but it seems to work only for forward, not reverse tunnels.