Re: is ssh tunneling a security risk?



--- On Fri, 10/17/08, David M. Kaplan <David.Kaplan@xxxxxx> wrote:


What I am wondering is exactly what "security
risk" does an ssh tunnel
pose? I thought you used an ssh tunnel to enhance
security, not the
other way around. Can someone give me a reason why it is a
risk to
leave this open or give me good arguments that I can
forward to IT for
why they should not prohibit tunneling?

Thanks,
David


The security of tunneling can be tightened a bit by doing a couple things:
+ force key authentication
+ have rules in the public keys limiting what can be forwarded: ie:
permitopen="10.5.5.1:5000"
Then make sure the user has no ability to modify the authorized_key (make the whole homedir owned by root).


__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com