Le 2016-10-18 10:35, Peter Janos a écrit :
shouldn't the default be "no" for the AllowTcpForwarding? Why is an
insecure option "yes" by default?
Specifies whether TCP forwarding is permitted. The
options are yes (the default) or all to allow TCP
to prevent all TCP forwarding, local to allow local (from
perspective of ssh(1)) forwarding only or remote to allow
forwarding only. Note that disabling TCP forwarding does
improve security unless users are also denied shell access,
they can always install their own forwarders.