From owner-freebsd-security Thu Mar 1 0:44:26 2001 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-158.dsl.lsan03.pacbell.net [63.207.60.158]) by hub.freebsd.org (Postfix) with ESMTP id 0694737B719 for ; Thu, 1 Mar 2001 00:44:23 -0800 (PST) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id E17FC66EEB; Thu, 1 Mar 2001 00:44:22 -0800 (PST) Date: Thu, 1 Mar 2001 00:44:22 -0800 From: Kris Kennaway To: Nate Williams Cc: "Aaron D.Gifford" , freebsd-security@FreeBSD.ORG Subject: Re: ssh tricks (was Re: ssh -t /bin/sh trick (was Re: ftp Message-ID: <20010301004422.B14501@mollari.cthul.hu> References: <01022819094900.04839@jardan.infowest.com> <15005.49602.104109.812735@nomad.yogotech.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="ADZbWkCsHQ7r3kzd" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <15005.49602.104109.812735@nomad.yogotech.com>; from nate@yogotech.com on Wed, Feb 28, 2001 at 08:28:02PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --ADZbWkCsHQ7r3kzd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 28, 2001 at 08:28:02PM -0700, Nate Williams wrote: > > Are you aware that the FreeBSD SSH installation by default has TCP > > forwarding enabled? >=20 > Yep. Note, the commercial version SSH1 had the ability to turn on/off > port forwarding on a per-user and/or a per-port options. >=20 > So, you could disable/enable all ports but one, and then enable/disable > the particular port for certain users. >=20 > It was pretty nice for setting up 'truly' secure systems that still > allowed some flexibility. >=20 > Too bad this doesn't exist in OpenSSH (or if it does, I haven't found > it). I can't even find mention of this in the ssh.com version - can you point me to it? Kris --ADZbWkCsHQ7r3kzd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6ngvmWry0BWjoQKURAlZwAJwPXa/4mcIqhwRUWv+JiJPQ4bAiCwCcDu8k ugNjNQdhv4OC9dcau9048gc= =04d1 -----END PGP SIGNATURE----- --ADZbWkCsHQ7r3kzd-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message