From owner-freebsd-security Thu Mar 1 8:58:55 2001 Delivered-To: freebsd-security@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 4801037B719 for ; Thu, 1 Mar 2001 08:58:47 -0800 (PST) (envelope-from nate@yogotech.com) Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id JAA10035; Thu, 1 Mar 2001 09:58:40 -0700 (MST) (envelope-from nate@nomad.yogotech.com) Received: (from nate@localhost) by nomad.yogotech.com (8.8.8/8.8.8) id JAA19164; Thu, 1 Mar 2001 09:58:39 -0700 (MST) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15006.32702.776614.341183@nomad.yogotech.com> Date: Thu, 1 Mar 2001 09:58:38 -0700 (MST) To: Kris Kennaway Cc: Nate Williams , "Aaron D.Gifford" , freebsd-security@FreeBSD.ORG Subject: Re: ssh tricks (was Re: ssh -t /bin/sh trick (was Re: ftp In-Reply-To: <20010301004422.B14501@mollari.cthul.hu> References: <01022819094900.04839@jardan.infowest.com> <15005.49602.104109.812735@nomad.yogotech.com> <20010301004422.B14501@mollari.cthul.hu> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > > Are you aware that the FreeBSD SSH installation by default has TCP > > > forwarding enabled? > > > > Yep. Note, the commercial version SSH1 had the ability to turn on/off > > port forwarding on a per-user and/or a per-port options. > > > > So, you could disable/enable all ports but one, and then enable/disable > > the particular port for certain users. > > > > It was pretty nice for setting up 'truly' secure systems that still > > allowed some flexibility. > > > > Too bad this doesn't exist in OpenSSH (or if it does, I haven't found > > it). > > I can't even find mention of this in the ssh.com version - can you > point me to it? It was in the commercial version of their SSH1 product. This was from at least 2 years ago, although I think I still have the product somewhere around here. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message