> shouldn't the default be "no" for the AllowTcpForwarding? Why is an
> insecure option "yes" by default?
> https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
> Thanks.

this comes up post-authentication

if someone is authenticated, they can do just about everything else also

frankly, I don't think you have got a clear picture of the problem, which
is that even if we disable this, vendors will simply re-enable it anyways
and nothing changes.

