Re: is ssh tunneling a security risk?



--- On Fri, 10/17/08, David M. Kaplan <David.Kaplan@xxxxxx> wrote:


What I am wondering is exactly what "security risk" does an ssh tunnel pose? I thought you used an ssh tunnel to enhance security, not the other way around. Can someone give me a reason why it is a risk to leave this open or give me good arguments that I can forward to IT for why they should not prohibit tunneling?

Thanks,
David


The security of tunneling can be tightened a bit by doing a couple things:
+ force key authentication
+ have rules in the public keys limiting what can be forwarded, i.e.:
permitopen="10.5.5.1:5000"
Then make sure the user has no ability to modify the authorized_key (make the whole homedir owned by root).


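One way to check that the per-key restrictions suggested in the reply above are actually in place (an added example, not part of the original post): a small auditor that parses the options field of each authorized_keys entry and reports which keys can still forward anywhere. The key blobs, user names and the second target address are constructed sample data; `audit` and `parse_options` are names made up for this example.

```python
import re

KEY_TYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-)\S+\s")

def parse_options(line):
    """Return [(name, value)] from the leading options field, honouring quotes."""
    if KEY_TYPE.match(line):
        return []                      # line starts with the key type: no options
    fields, buf, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 1  # escaped quote inside a quoted value
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            fields.append(buf)
            buf = ""
        elif ch in " \t" and not quoted:
            break                      # unquoted whitespace ends the options field
        else:
            buf += ch
        i += 1
    fields.append(buf)
    return [(n.lower(), v) for n, _, v in (f.partition("=") for f in fields)]

def audit(text):
    """Classify each key line: forwarding-disabled, limited, or unrestricted."""
    report = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = parse_options(line)
        names = {n for n, _ in opts}
        targets = [v for n, v in opts if n == "permitopen"]
        disabled = "no-port-forwarding" in names or ("restrict" in names and "port-forwarding" not in names)
        status = "forwarding-disabled" if disabled else "limited" if targets else "unrestricted"
        report.append((lineno, status, [] if disabled else targets))
    return report

# Constructed sample file; key material is a placeholder, not a real key.
SAMPLE = """\
# constructed authorized_keys sample
permitopen="10.5.5.1:5000" ssh-ed25519 AAAA_CONSTRUCTED user1
ssh-rsa AAAA_CONSTRUCTED user2
no-port-forwarding,command="/usr/bin/backup --dest a,b" ssh-ed25519 AAAA_CONSTRUCTED user3
restrict,port-forwarding,permitopen="10.5.5.2:22" ssh-ed25519 AAAA_CONSTRUCTED user4
"""
```

Any entry reported as "unrestricted" can open forwards to any host and port the server can reach. Note that permitopen constrains only local (`ssh -L` style) forwards.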


