Florian Effenberger wrote:
I severely disagree. If you are allowing SSH connections to a machine, it would be trivial to work around the TCP port forward built in to ssh... Why did you put a bug in about this rather than a solution involving perhaps a debconf patch? Maybe ask a question during install for different "hardened" levels of configuration, but for most people, TCP port forwarding isn't a bug deal. In fact it helps me secure my jabber, pop3, and imap connections.Package: ssh Version: 3.6.1p2-12 Due to security considerations, /etc/ssh/sshd_config should containAllowTcpForwarding no
-Roger