Date: Thu, 1 Mar 2001 00:44:22 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Nate Williams <nate@yogotech.com> Cc: "Aaron D.Gifford" <agifford@infowest.com>, freebsd-security@FreeBSD.ORG Subject: Re: ssh tricks (was Re: ssh -t <host> /bin/sh trick (was Re: ftp Message-ID: <20010301004422.B14501@mollari.cthul.hu> In-Reply-To: <15005.49602.104109.812735@nomad.yogotech.com>; from nate@yogotech.com on Wed, Feb 28, 2001 at 08:28:02PM -0700 References: <01022819094900.04839@jardan.infowest.com> <15005.49602.104109.812735@nomad.yogotech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--ADZbWkCsHQ7r3kzd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 28, 2001 at 08:28:02PM -0700, Nate Williams wrote: > > Are you aware that the FreeBSD SSH installation by default has TCP > > forwarding enabled? >=20 > Yep. Note, the commercial version SSH1 had the ability to turn on/off > port forwarding on a per-user and/or a per-port options. >=20 > So, you could disable/enable all ports but one, and then enable/disable > the particular port for certain users. >=20 > It was pretty nice for setting up 'truly' secure systems that still > allowed some flexibility. >=20 > Too bad this doesn't exist in OpenSSH (or if it does, I haven't found > it). I can't even find mention of this in the ssh.com version - can you point me to it? Kris --ADZbWkCsHQ7r3kzd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6ngvmWry0BWjoQKURAlZwAJwPXa/4mcIqhwRUWv+JiJPQ4bAiCwCcDu8k ugNjNQdhv4OC9dcau9048gc= =04d1 -----END PGP SIGNATURE----- --ADZbWkCsHQ7r3kzd-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010301004422.B14501>