Re: is ssh tunneling a security risk?
On Friday 17 October 2008, David M. Kaplan wrote:
> you can get
> around the firewall and ssh into a single machine. From there, you have
> to ssh into the machine you want to use.
> What I am wondering is exactly what "security risk" does an ssh tunnel
> pose? I thought you used an ssh tunnel to enhance security
First, yes, ssh-ing through the tunnel to an internal host is more secure than
ssh-ing to the gate host and then ssh-ing to the internal host (the latter
has a man-in-the-middle vuln. on the gateway).
Allowing ssh-tunnels (from the admin-of-the-gate perspective) opens up for a
lot more than the above (good) way of use. Take for instance a forgotten
ssh-tunnel with no local-only restriction (-g) pointing somewhere sensitive
(say an internal non-authenticated and/or unpatched wiki web or so...).
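
A forgotten `-g` forward of the kind described in the reply can be looked for on the host that runs the ssh client. The following is an added example, not part of the original message: it assumes Linux with iproute2's `ss`, the function names are hypothetical, and the sample socket lines are constructed.

```shell
#!/bin/sh
# Added example: flag listening sockets owned by an ssh client process that
# are bound to a non-loopback address, which is what a forward started with
# -g produces. A default -L forward binds to loopback only and is skipped.

# Reads `ss -H -tlnp` style lines on stdin; prints "local_addr pid" per finding.
find_exposed_forwards() {
    awk '
    $1 == "LISTEN" && /users:\(\("ssh",/ {
        local_addr = $4
        # Split host and port at the last colon (also handles [::]:8081).
        port = local_addr
        sub(/.*:/, "", port)
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        # Loopback listeners are reachable from this host only.
        if (host ~ /^127\./ || host == "[::1]") next
        pid = "?"
        if (match($0, /pid=[0-9]+/)) pid = substr($0, RSTART + 4, RLENGTH - 4)
        print local_addr, pid
    }'
}

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("ssh",pid=4120,fd=5))
LISTEN 0 128 0.0.0.0:8081 0.0.0.0:* users:(("ssh",pid=4177,fd=4))
LISTEN 0 128 [::]:8081 [::]:* users:(("ssh",pid=4177,fd=5))
LISTEN 0 128 [::1]:8080 [::]:* users:(("ssh",pid=4120,fd=6))
LISTEN 0 511 *:80 *:* users:(("nginx",pid=950,fd=6))
EOF
}

# With --live, inspect this host (root is needed to see other users' PIDs);
# otherwise run over the constructed sample.
if [ "${1:-}" = "--live" ]; then
    ss -H -tlnp | find_exposed_forwards
else
    sample_ss_output | find_exposed_forwards
fi
```

On the sample only the two listeners of PID 4177 are reported; the loopback-bound forward of PID 4120 and the sshd and nginx sockets are not.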