> shouldn't the default be "no" for the AllowTcpForwarding? Why is an > insecure option "yes" by default? > https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf > Thanks. >
this comes up post-authentication if someone is authenticated, they can do just about everything else also frankly, I don't think you have got a clear picture of the problem, which is that even if we disable this, vendors will simply renable it anyways and nothing changes.