However, I think that SSH forwarding is the lesser of 2 evils. I feel much better about people forwarding into the office through ssh as opposed to port forwarding directly to the internal server/workstation from the firewall.

--- Bryan Paxton <[EMAIL PROTECTED]> wrote:
> On Fri, 2002-02-08 at 07:46, Borsenkow Andrej wrote:
> > * Thu Feb 7 2002 Vincent Danen <[EMAIL PROTECTED]> 3.0.2p1-3mdk
> > - disable agent forwarding by default
> >
> > Why? Can you explain security hole here?
> >
>
> 1. It's not vital to the service
> 2. Packet forward or tunneling of any kind can introduce holes and ways
>    of circumvention
> 3. Past has shown that openssh, though well audited, can be, was, and
>    will surely be again vulnerable to attacks, this includes attacks
>    against agent forwarding.
>
> Of course, this is _my_ explanation for such a choice, and a good choice
> IMHO.
> In other words, Danen, may want to voice yourself ; )
>
> --
> Bryan Paxton
> Public PGP key: http://www.deadhorse.net/bpaxton.gpg
>
> "Winning gives birth to hostility. Losing, one lies down in pain. The
> calmed lie down with ease, having set winning & losing aside."
> Dhp. 201
