Date: Sun, 26 Sep 1999 12:32:41 +0200 From: Ollivier Robert <roberto@keltia.freenix.fr> To: freebsd-security@FreeBSD.ORG Subject: Re: Secure gateway to intranet Message-ID: <19990926123241.B18956@keltia.freenix.fr> In-Reply-To: <199909251858.OAA39078@cc942873-a.ewndsr1.nj.home.com> References: <4.1.19990923205643.0095ce70@mail.thegrid.net> <199909251858.OAA39078@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
According to Crist J. Clark: > Hmmm... Is there a reason not to just let ssh take care of this for > you? That is, have the hosts on the other end only accept certain > users? Yes, port forwarding. You have no way to control if a user use port forwarding or not. For incoming connections it is easy to block because you can compile sshd with it port fwd but for outgoing, it is more difficult. One can always recompile a ssh with port fwd... And while port fwd is great (I use it every day for CVSup for example), it can be really abused... -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #74: Thu Sep 9 00:20:51 CEST 1999 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990926123241.B18956>