Re: ssh tunnel through firewall

From: Jeff (nospam@group.com)
Date: 04/07/03

  • Next message: Darren Tucker: "Re: OpenSSH through a Firewall"
    From: "Jeff" <nospam@group.com>
    Date: Mon, 07 Apr 2003 07:30:32 GMT
    
    

    you can complie or disable ssh tunneling on your ssh server.

    company uses av filter/content filter and so on...and client use ssh
    tunneling to get around it or even manage their home PC to do other work..
    setup egress filtering if possible.

    "Oscar Knight" <knightod@appstate.edu> wrote in message
    news:3E8C924A.29AD9E71@appstate.edu...
    > Hello ALL,
    >
    > Our policy does not directly (well, it does in so many words) deal with
    > ssh tunnels through our firewall, from the inside to the outside. Users
    > on the inside have almost unlimited access outbound, and no inbound
    > access.
    >
    > Ssh tunnels can be used to over come the "no inbound" access for users
    > on the inside. In the strictest sense this is a policy violation.
    >
    > I'm interested in hearing comments/experiences/suggestions/soap box...
    > on the following:
    >
    > 1) What about vendor supported servers that obviously should be on the
    > inside and yet vendor needs access to support. An ssh tunnel or vpn
    > could solve this issue. Do you have a special "security"
    > agreement/contract with the vendor? Comments?
    >
    > 2) What about ssh X-forwarding. Does anyone limit this and/or view it
    > as a hazard? Comments?
    >
    > 3) How risky is ssh port-forwarding from the inside? I'm interested in
    > risk wrt compromise of machine on the outside. What about multi-user
    > box on outside? I think any user on that box has access to your box via
    > the forwarded port. Comments?
    >
    > Thanks in advance!
    > Oscar


  • Next message: Darren Tucker: "Re: OpenSSH through a Firewall"