Re: Limiting SSH reverse tunnels?

From: Leif Nixon (nixon_at_nsc.liu.se)
Date: 10/07/05

Next message: bobby temper: "setting env. var in authorized_keys, 3.5p1"

Previous message: Bhalaji Narayanan: "Not attached to tty..."
In reply to: Patrick Morris: "Re: Limiting SSH reverse tunnels?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: secureshell@securityfocus.com
Date: Fri, 07 Oct 2005 15:55:49 +0200

Patrick Morris <pmorris@hermesinfotech.com> writes:

> What I'm hoping I can do is disable the ability to set up these
> tunnels back into corporate, without destroying the ability to access
> internal machines over non-SSH protocols via the SSH gateways. In
> other words, I'd like to allow forwarding, but only in one direction.

Not possible. Even if you manage to disable the built-in TCP
forwarding, the users would still be able to use separate tools to
forward network traffic over the terminal connection. You're only
making it a little bit harder for them.

-- 
Leif Nixon                       -            Systems expert
------------------------------------------------------------
National Supercomputer Centre    -      Linkoping University
------------------------------------------------------------

Next message: bobby temper: "setting env. var in authorized_keys, 3.5p1"

Previous message: Bhalaji Narayanan: "Not attached to tty..."
In reply to: Patrick Morris: "Re: Limiting SSH reverse tunnels?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]