Working example of multiple permitopen options in authorized_keys

I have a working key in .ssh/authorized_keys with a single permitopen option configured. I went to add an additional permitopen and it does not allow tunnels to the new server. The documentation says:

Multiple PermitOpen options may be applied to the same public key if they are separated by commas and thus a key can allow multiple ports.

However, the documentation does not show any examples. Can someone provide a working example? I've tried both the following:

permitopen="host-1:3389",permitopen="host-2:3389" ssh-rsa AAAAC...

and

permitopen="host-1:3389,host-2:3389" ssh-rsa AAAAC...


Solution 1:

I've gotten it to work. The first example above works.

permitopen="host-1:3389",permitopen="host-2:3389" ssh-rsa AAAAC...

In my case it was not working because the host name is case-sensitive.

I was using the following command to connect:

ssh -f user@tunneler -L 10001:host-1:3389 -L 10002:HOST-2:3389 -N

which failed due to the capitalization of the second hostname.

ssh -f user@tunneler -L 10001:host-1:3389 -L 10002:host-2:3389 -N worked.

It must match exactly what is in the permitopen option.