SSH Tunneling with Panther Server
SSH tunnelling has not been a problem for me at all in 10.3 from the CLI. So I don't need this hint.
SSH Tunneling with Panther Server
I don't know. Maybe it's because I'm forwarding admin-level (< 1024) port numbers. All I know is that I had to explicitly specify AllowTcpForwarding in my server's sshd_config file before it would work. </shrug>
SSH Tunneling with Panther Server
Same here. I have not had this problem. However, I think I did have to open a port in the firewall, but I don't recall. It has been a while since I needed this.
SSH Tunneling with Panther Server
I think the original poster was describing how he needed to configure an SSH server for tunneling, not the ssh client which requires no such configuration (just proper use of the cmd-line switches as shown in your examples).
Most OpenSSH-based sshd servers now come with port-forwarding disabled by default (i.e. the 'AllowTcpForwarding' entry in /etc/sshd_config is set to 'no', commented out, or absent entirely). No doubt this is to prevent potential abuse or unintended side-effects. ...
BTW, just a common reminder to anyone enabling SSH port-forwarding on their servers: While SSH with tunneling is a great tool for securing plaintext protocols (FTP, POP, IMAP, etc.) and incredibly useful for doing remote admin, just remember that if you, the admin, can do this, then generally any user on your server whom you give SSH access to can also see hosts on your internal network. And since all traffic is tunneled inside an SSH session, the content of these remote connections effectively bypasses any firewalls or content filters that are in place.
Finally, if you plan to enable tunneling/port-forwarding on your SSH server, NEVER create 'anonymous' or 'public' SSH-enabled accounts. This leaves your server open to a class of exploits known as 'port bouncing'. Basically this involves an unauthorized party (which could be inside or outside your network) using your SSH server to 'bounce' their traffic across your firewall for them. Sadly, it's the port-forwarding feature of SSH2 servers that causes a lot of netadmins to block all SSH2/port 22 access on their firewalls entirely.
SSH Tunneling with Panther Server
Victory is correct. I only had to do this on my server (which is running Panther server), not on my client.
Also, thanks for pointing out the security ramifications of allowing port forwarding. For what it's worth, if you do a man sshd_config, it says this about the AllowTcpForwarding directive:
AllowTcpForwarding: Specifies whether TCP forwarding is permitted. The default is "yes". Note that disabling TCP forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders.
My server only has accounts for a few trusted friends, and they have limited access rights, so I'm not TOO worried about any of them taking advantage of me or my server. What I found odd is that I did have to explicitly allow port forwarding, even though the man page says it's allowed by default. Maybe Apple changed the defaults, as I know they've done for other things as well. It was kind of annoying though that the default sshd_config file didn't even have AllowTcpForwarding listed so you could at least know what it's currently set to. Strange.
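The thread's open question (what is AllowTcpForwarding set to when sshd_config never lists it?) can be checked with a small audit script. This is an added example, not part of any post above; the sample config is constructed, and the script assumes current OpenSSH parsing rules (keywords are case-insensitive, the first value read wins, a Match block runs to the next Match or end of file) and the compiled-in default of "yes" from the quoted man page, which a vendor build may change.

```python
# Added example: report how AllowTcpForwarding is set in an sshd_config.
# Assumption: the compiled-in default is "yes", as in the man page quoted in
# the thread; pass a different default for a vendor build that changed it.
COMPILED_DEFAULT = "yes"

# Constructed sample: the directive is only commented out globally,
# but one account is restricted inside a Match block.
SAMPLE_CONFIG = """\
# constructed sshd_config for illustration
Port 22
#AllowTcpForwarding no
PermitRootLogin no
Match User guest
    AllowTcpForwarding no
"""

def forwarding_settings(text, default=COMPILED_DEFAULT):
    """Return (global_value, explicit, overrides) for AllowTcpForwarding.

    explicit is False when the global value is only the assumed default;
    overrides maps each Match criteria string to the value set inside it.
    """
    global_value, explicit = default, False
    overrides = {}
    match = None                      # None while in the global section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                  # commented-out directives have no effect
        parts = line.split(None, 1)
        key = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = arg               # block lasts until the next Match or EOF
        elif key == "allowtcpforwarding":
            value = arg.strip('"').lower()
            if match is None:
                if not explicit:      # sshd keeps the first value it reads
                    global_value, explicit = value, True
            else:
                overrides.setdefault(match, value)
    return global_value, explicit, overrides

if __name__ == "__main__":
    value, explicit, overrides = forwarding_settings(SAMPLE_CONFIG)
    source = "set explicitly" if explicit else "not listed, assumed default"
    print(f"global AllowTcpForwarding = {value} ({source})")
    for criteria, v in overrides.items():
        print(f"Match {criteria}: AllowTcpForwarding = {v}")
```

A result with explicit set to False is the case the last poster describes: the file gives no answer, so the value should be written into sshd_config rather than left to the build's default.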
Copyright © 2014 IDG Consumer & SMB. All trademarks and copyrights on this page are owned by their respective owners.