Sunday, September 27, 2009

Disabling SSH Tunneling

As a corollary to my last post, I wanted to describe how to disable TCP forwarding.
Add or uncomment the following line in /etc/ssh/sshd_config and make sure it is set to no:

AllowTcpForwarding no

The default is "yes".

Note that this is the global setting. You will also want to make sure that users do not have the permissions to set up their own forwarders.

This can also be done on a per-user basis: enforce key-based authentication and use per-key directives in each user's authorized_keys file. This is further explained in the "AUTHORIZED_KEYS FILE FORMAT" section of the sshd man page: http://man.he.net/man5/authorized_keys

I have not done this myself, but it may be something you want to evaluate if you are hosting a shared resource.
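To check the per-key approach on a host, here is an added example (not part of the original post) that parses authorized_keys lines and reports which keys can still request port forwarding. The sample keys are constructed placeholders; `restrict` and `port-forwarding` are authorized_keys options from OpenSSH releases newer than this post, and the "last option wins" ordering is an assumption about how sshd evaluates them.

```python
# Key-type prefixes: a line starting with one of these has no options field.
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")

def split_options(line):
    """Return the options of one authorized_keys line, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_PREFIXES):
        return []
    opts, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":       # \" inside a value does not close it
            quoted = not quoted
        if not quoted and ch in " \t":       # unquoted space ends the options field
            break
        if not quoted and ch == ",":         # unquoted comma separates options
            opts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return opts + [cur]

def forwarding_allowed(line):
    """True if the key on this line may still request port forwarding."""
    opts = split_options(line)
    if opts is None:
        return None
    allowed = True                           # no per-key option means no per-key limit
    for opt in opts:                         # assumption: evaluated in order, last wins
        name = opt.split("=", 1)[0].lower()  # option keywords are case-insensitive
        if name in ("restrict", "no-port-forwarding"):
            allowed = False
        elif name == "port-forwarding":
            allowed = True
    return allowed

def audit(text):
    # 1-based line numbers of keys that can still forward.
    return [n for n, l in enumerate(text.splitlines(), 1) if forwarding_allowed(l)]

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = """\
ssh-ed25519 AAAAEXAMPLEKEY1 alice@laptop
no-port-forwarding,command="/usr/bin/rsync --server, -a" ssh-rsa AAAAEXAMPLEKEY2 backup
restrict ssh-ed25519 AAAAEXAMPLEKEY3 ci
restrict,port-forwarding ssh-ed25519 AAAAEXAMPLEKEY4 tunnel
# disabled key
from="10.0.0.*",NO-PORT-FORWARDING ssh-rsa AAAAEXAMPLEKEY5 bob
"""
print(audit(SAMPLE))
```

A key reported here can only forward if the global AllowTcpForwarding setting also permits it.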
