Date: Thu, 1 Mar 2001 00:44:22 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Nate Williams <nate@yogotech.com> Cc: "Aaron D.Gifford" <agifford@infowest.com>, freebsd-security@FreeBSD.ORG Subject: Re: ssh tricks (was Re: ssh -t <host> /bin/sh trick (was Re: ftp Message-ID: <20010301004422.B14501@mollari.cthul.hu> In-Reply-To: <15005.49602.104109.812735@nomad.yogotech.com>; from nate@yogotech.com on Wed, Feb 28, 2001 at 08:28:02PM -0700 References: <01022819094900.04839@jardan.infowest.com> <15005.49602.104109.812735@nomad.yogotech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Wed, Feb 28, 2001 at 08:28:02PM -0700, Nate Williams wrote: > > Are you aware that the FreeBSD SSH installation by default has TCP > > forwarding enabled? > > Yep. Note, the commercial version SSH1 had the ability to turn on/off > port forwarding on a per-user and/or a per-port options. > > So, you could disable/enable all ports but one, and then enable/disable > the particular port for certain users. > > It was pretty nice for setting up 'truly' secure systems that still > allowed some flexibility. > > Too bad this doesn't exist in OpenSSH (or if it does, I haven't found > it). I can't even find mention of this in the ssh.com version - can you point me to it? Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6ngvmWry0BWjoQKURAlZwAJwPXa/4mcIqhwRUWv+JiJPQ4bAiCwCcDu8k ugNjNQdhv4OC9dcau9048gc= =04d1 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010301004422.B14501>