On 2016-10-18, "Peter Janos" <peterjan...@mail.com> wrote:
> so having AllowTcpForwarding=NO would help.
> Why is it yes by default? someone requested it to be yes? does anybody know?
It has always been like this. OpenSSH inherited it from Ylønen-SSH.
In the beginning, OpenSSH didn't even have a configuration option
to disable port forwarding. Sixteen years ago Markus committed the
diff I had submitted that added the AllowTcpForwarding option.
Module name: src
Changes by: mar...@cvs.openbsd.org 2000/10/14 06:12:09
usr.bin/ssh : servconf.c servconf.h serverloop.c session.c
AllowTcpForwarding; from naddy@
At the time I was running an AnonCVS server and I had realized that
the anonymously connecting clients could use port forwarding to
bounce TCP connections off the server.
Christian "naddy" Weisgerber na...@mips.inka.de