From owner-freebsd-security Wed Feb 28 19:28: 7 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
	by hub.freebsd.org (Postfix) with ESMTP id AA25837B719
	for ; Wed, 28 Feb 2001 19:28:04 -0800 (PST)
	(envelope-from nate@yogotech.com)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131])
	by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id UAA26926;
	Wed, 28 Feb 2001 20:28:03 -0700 (MST)
	(envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost)
	by nomad.yogotech.com (8.8.8/8.8.8) id UAA16523;
	Wed, 28 Feb 2001 20:28:02 -0700 (MST)
	(envelope-from nate)
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15005.49602.104109.812735@nomad.yogotech.com>
Date: Wed, 28 Feb 2001 20:28:02 -0700 (MST)
To: "Aaron D.Gifford"
Cc: freebsd-security@FreeBSD.ORG
Subject: RE: ssh tricks (was Re: ssh -t /bin/sh trick (was Re: ftp
In-Reply-To: <01022819094900.04839@jardan.infowest.com>
References: <01022819094900.04839@jardan.infowest.com>
X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Are you aware that the FreeBSD SSH installation by default has TCP
> forwarding enabled?

Yep.

Note, the commercial version SSH1 had the ability to turn on/off port
forwarding via per-user and/or per-port options. So, you could
disable/enable all ports but one, and then enable/disable the particular
port for certain users.

It was pretty nice for setting up 'truly' secure systems that still
allowed some flexibility. Too bad this doesn't exist in OpenSSH (or if
it does, I haven't found it).

Nate