On 2016-10-18, "Peter Janos" <peterjan...@mail.com> wrote:

> so having AllowTcpForwarding=NO would help.
> Why is it yes by default? someone requested it to be yes? does anybody know?

It has always been like this.  OpenSSH inherited it from Ylønen-SSH.

In the beginning, OpenSSH didn't even have a configuration option
to disable port forwarding.  Sixteen years ago Markus committed the
diff I had submitted that added the AllowTcpForwarding option.

CVSROOT:        /cvs
Module name:    src
Changes by:     mar...@cvs.openbsd.org  2000/10/14 06:12:09

Modified files:
        usr.bin/ssh    : servconf.c servconf.h serverloop.c session.c 

Log message:
AllowTcpForwarding; from naddy@

At the time I was running an AnonCVS server and I had realized that
the anonymously connecting clients could use port forwarding to
bounce TCP connections off the server.

Christian "naddy" Weisgerber                          na...@mips.inka.de

Reply via email to