--- On Fri, 10/17/08, David M. Kaplan wrote:

>
> What I am wondering is exactly what "security
> risk" does an ssh tunnel
> pose? I thought you used an ssh tunnel to enhance
> security, not the
> other way around. Can someone give me a reason why it is a
> risk to
> leave this open or give me good arguments that I can
> forward to IT for
> why they should not prohibit tunneling?
>
> Thanks,
> David
>


The security of tunneling can be tightened a bit by doing a couple things:
+ force key authentication
+ have rules in the public keys limiting what can be forwarded: ie:
permitopen="10.5.5.1:5000"
Then make sure the user has no ability to modify the authorized_key (make the whole homedir owned by root).


__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com