Re: is ssh tunneling a security risk?
--- On Fri, 10/17/08, David M. Kaplan <David.Kaplan@ird.fr> wrote:
> What I am wondering is exactly what "security
> risk" does an ssh tunnel
> pose? I thought you used an ssh tunnel to enhance
> security, not the
> other way around. Can someone give me a reason why it is a
> risk to
> leave this open or give me good arguments that I can
> forward to IT for
> why they should not prohibit tunneling?
The security of tunneling can be tightened a bit by doing a couple things:
+ force key authentication
+ have rules in the public keys limiting what can be forwarded: ie:
Then make sure the user has no ability to modify the authorized_key (make the whole homedir owned by root).
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around