[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [rhelv5-list] disable reverse ssh in sshd_config ?





FM wrote:
Yes the -R, ... And I am part of the network team LOL


Allowing inbound ssh w/ shell access means that your network perimeter/firewall is swiss cheese.

I'm assuming that disallowing inbound ssh is not an option. If that's the case, then you can't do anything to guarantee that folks can't do things you don't want them to do. You can set the directives:

AllowTcpForwarding no
GatewayPorts no

However, the sshd_config man page has this to say about AllowTcpForwarding:

 "Note that disabling TCP forwarding does not improve secu-
             rity unless users are also denied shell access, as they can
             always install their own forwarders."


Hugh

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]