Le 2016-10-18 10:35, Peter Janos a écrit :
shouldn't the default be "no" for the AllowTcpForwarding? Why is an
insecure option "yes" by default?
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
Thanks.


from sshd_config(5)

     AllowTcpForwarding
Specifies whether TCP forwarding is permitted. The available options are yes (the default) or all to allow TCP forwarding, no to prevent all TCP forwarding, local to allow local (from the perspective of ssh(1)) forwarding only or remote to allow remote forwarding only. Note that disabling TCP forwarding does not improve security unless users are also denied shell access, as
             they can always install their own forwarders.

Reply via email to