-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 20 Apr 2000, Tony Iannotti wrote:
> On Thu, 20 Apr 2000, David Lang wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > This is exactly the reason why I do not allow SSH through the firewalls I
> > manage.
>
> You can control that if you can work in concert with the box admins.
> Sshd can be configured not to tunnel, if all you need to support is a
> telnet replacement. Of course, you have to trust the box admins.....
>
Is this really the case?
Example: a development machine. Many programmers have access to it that do
not have admin privileges. If SSH is allowed through the firewall from
that box, what is to prevent any user from running their own version of SSH
that is not limited like the "official" version is?
As for not running it on that box, then you have to find someplace else,
like possibly their desktops (not that that's less subject to being
tampered with, is it?).
So I see it being back to square one: if you allow SSH through at all, you
allow anything through it.
David Lang