Bug#237533: AllowTcpForwarding no should be default

To: Florian Effenberger <floeff@arcor.de>, 237533@bugs.debian.org
Subject: Bug#237533: AllowTcpForwarding no should be default
From: Roger Ward <roger.ward@national-net.com>
Date: Thu, 11 Mar 2004 18:52:26 -0500
Message-id: <[🔎] 4050FBBA.6080807@national-net.com>
Reply-to: Roger Ward <roger.ward@national-net.com>, 237533@bugs.debian.org
In-reply-to: <[🔎] 000e01c407c0$5e144b00$0500a8c0@effenberger>
References: <[🔎] 000e01c407c0$5e144b00$0500a8c0@effenberger>

Florian Effenberger wrote:

Package: ssh
Version: 3.6.1p2-12

Due to security considerations, /etc/ssh/sshd_config should contain

AllowTcpForwarding no

I severely disagree. If you are allowing SSH connections to a machine,it would be trivial to work around the TCP port forward built in tossh... Why did you put a bug in about this rather than a solutioninvolving perhaps a debconf patch?Maybe ask a question during install for different "hardened" levels ofconfiguration, but for most people, TCP port forwarding isn't a bugdeal. In fact it helps me secure my jabber, pop3, and imap connections.


-Roger

Reply to:

Follow-Ups:
- Bug#237533: AllowTcpForwarding no should be default
  - From: "Florian Effenberger" <floeff@arcor.de>

References:
- Bug#237533: AllowTcpForwarding no should be default
  - From: "Florian Effenberger" <floeff@arcor.de>

Prev by Date: Bug#237533: AllowTcpForwarding no should be default
Next by Date: Bug#237533: AllowTcpForwarding no should be default
Previous by thread: Bug#237533: AllowTcpForwarding no should be default
Next by thread: Bug#237533: AllowTcpForwarding no should be default
Index(es):
- Date
- Thread