Re: is ssh tunneling a security risk?

--- On Fri, 10/17/08, David M. Kaplan <David.Kaplan@xxxxxx> wrote:

What I am wondering is exactly what "security
risk" does an ssh tunnel
pose? I thought you used an ssh tunnel to enhance
security, not the
other way around. Can someone give me a reason why it is a
risk to
leave this open or give me good arguments that I can
forward to IT for
why they should not prohibit tunneling?


The security of tunneling can be tightened a bit by doing a couple things:
+ force key authentication
+ have rules in the public keys limiting what can be forwarded: ie:
Then make sure the user has no ability to modify the authorized_key (make the whole homedir owned by root).

Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around