At 8:58 AM -0500 9/4/98, Stefan "Körner" wrote:
>(But I still trust what I've seen with the guy's next office - and we had
>SSH set up all over the department... I cannot tell, however, whether it
>was a

SSH can be a HUGE (read VERY LARGE!!!) security hole if you let it. For instance, set up a tunnel from inside the firewall to an outside server that allows anyone on the outside to telnet back through it. Just for good measure, set it up as root, and don't use a passphrase because it has to start from boot. Now anyone who can telnet into the outside server, or even generate outgoing packets on port 23 has encrypted, compressed root access to your internal server!! You won't even be able to sniff it.

Port 23 is obvious, but it could have been any port, of course. For instance, a database connection that allows queries from the outside server via an SSH tunnel. An invitation to crackers to find out what breaks your database front end. It might even be a forwarded connection (your internal server is forwarding from some other database server), so your database server may think it's getting safe requests from your local machine, and it's actually got a doorway to the world.

SSH is a power tool, and like a Skilsaw, it _will_ cut off your fingers if you put them in the way.
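
Added example, not part of the original message: one way an administrator could spot the standing tunnels described above by scanning a process listing on the internal host for ssh clients that request port forwards. It assumes OpenSSH client option letters and `ps -eo user,pid,args` style lines; the sample listing, host names and function names are constructed for illustration.

```python
# Option letters of the OpenSSH client that consume a value (assumption:
# OpenSSH; other SSH clients may differ).
TAKES_VALUE = set("BbcDEeFIiJLlmOopQRSWw")
FORWARD_FLAGS = {"R": "remote", "L": "local", "D": "dynamic"}
FORWARD_KEYWORDS = {"remoteforward": "remote", "localforward": "local",
                    "dynamicforward": "dynamic"}

def ssh_forwards(argv):
    """Return [(kind, spec)] for every forward requested on an ssh command line."""
    found, i = [], 1
    while i < len(argv):
        arg = argv[i]
        i += 1
        if arg in ("-", "--") or not arg.startswith("-"):
            break                        # destination host: options end here
        j = 1
        while j < len(arg):              # walk bundled flags such as -NfL
            flag = arg[j]
            j += 1
            if flag not in TAKES_VALUE:
                continue                 # boolean flag (-f, -N, ...)
            value = arg[j:]              # "-D1080" form
            if not value and i < len(argv):
                value = argv[i]          # "-R spec" form: value is next word
                i += 1
            if flag in FORWARD_FLAGS:
                found.append((FORWARD_FLAGS[flag], value))
            elif flag == "o":            # -o RemoteForward=... and friends
                key, _, val = value.replace("=", " ", 1).partition(" ")
                if key.lower() in FORWARD_KEYWORDS:
                    found.append((FORWARD_KEYWORDS[key.lower()], val.strip()))
            break                        # rest of this word was the value
    return found

def audit(ps_lines):
    """Flag ssh clients holding tunnels; root-owned remote forwards are 'high'."""
    findings = []
    for line in ps_lines:
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        user, pid, argv = parts[0], int(parts[1]), parts[2].split()
        if argv[0].rsplit("/", 1)[-1] != "ssh":
            continue
        for kind, spec in ssh_forwards(argv):
            severity = "high" if user == "root" and kind == "remote" else "review"
            findings.append((severity, user, pid, kind, spec))
    return findings

SAMPLE_PS = [  # constructed listing, not real output
    "root 412 /usr/bin/ssh -f -N -R 2323:localhost:23 tunnel@outside.example.com",
    "alice 9001 ssh -NfL 5432:db.internal.example:5432 gateway.example.com",
    "carol 9200 ssh -p 22 build.example.com uname -R",
    "root 1 /sbin/init",
]
```

The `carol` line is there to show that arguments of a remote command after the host are not mistaken for forwarding flags.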
