SSH Tunneling with Panther Server
Authored by: victory on Nov 09, '04 07:40:05PM
I think the original poster was describing how he needed to configure an SSH server for tunneling, not the ssh client which requires no such configuration (just proper use of the cmd-line switches as shown in your examples).

Most OpenSSH-based sshd servers now come with port-forwarding disabled by default (i.e. the 'AllowTcpForwarding' entry in /etc/sshd_config is set to 'no', commented out, or absent entirely). No doubt this is to prevent potential abuse or unintended side-effects.

...

BTW, just a common reminder to anyone enabling SSH port-forwarding on their servers:

While SSH with tunneling is a great tool for securing plaintext protocols (FTP, POP, IMAP, etc.) and incredibly useful for doing remote admin, just remember that if you, the admin, can do this, then generally any user on your server whom you give SSH-access to can also see hosts on your internal network. And since all traffic is tunneled inside an SSH session, the content of these remote connections effectively bypasses any firewalls or content filters that are in place.

Finally, if you plan to enable tunneling/port-forwarding on your SSH server, NEVER create 'anonymous' or 'public' SSH-enabled accounts. This leaves your server open to a class of exploits known as 'port bouncing'. Basically this involves an unauthorized party (which could be inside or outside your network) using your SSH server to 'bounce' their traffic across your firewall for them.

Sadly, it's the port-forwarding feature of SSH2 servers that causes a lot of netadmins to block all SSH2/port 22 access on their firewalls entirely.

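As an added example (not part of the comment above), here is one way an admin could audit an sshd_config for the exposure the comment describes: accounts that may forward TCP with no limit on destinations. The sample config, the `admins` group, the `guest` user, the addresses and the function names are all constructed for illustration; `AllowTcpForwarding`, `PermitOpen` and `Match` are real sshd_config keywords.

```python
# Added example: audit sshd_config text for unrestricted TCP forwarding.
# SAMPLE is constructed for illustration; group/user names are hypothetical.
SAMPLE = """\
# constructed sshd_config fragment
AllowTcpForwarding no

Match Group admins
    AllowTcpForwarding yes
    PermitOpen 10.0.0.5:5900 10.0.0.6:22

Match User guest
    AllowTcpForwarding yes
"""

def parse(text):
    """Return {scope: {keyword: value}}; scope is 'global' or the Match criteria."""
    scopes, scope = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                    # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scope = value
            scopes.setdefault(scope, {})
        else:
            scopes[scope].setdefault(key, value)  # sshd uses the first value it sees
    return scopes

def audit(text):
    """Return [(scope, finding)] for scopes whose forwarding is open or unstated."""
    scopes = parse(text)
    findings = []
    for scope, own in scopes.items():
        eff = {**scopes["global"], **own}         # a Match block overrides global settings
        fwd = eff.get("allowtcpforwarding")
        if fwd is None:
            findings.append((scope, "AllowTcpForwarding not set; confirm with sshd -T"))
        elif fwd.lower() not in ("no", "remote") and \
                eff.get("permitopen", "any").lower() == "any":
            findings.append((scope, f"AllowTcpForwarding {fwd} without a PermitOpen "
                                    "limit: any reachable host:port can be tunneled to"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print(f"[{scope}] {finding}")
```

On the constructed sample only the `User guest` block is reported: the `admins` block also enables forwarding but pins it to two destinations with `PermitOpen`.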