wow, thanks for the reply!

"At the time I was running an AnonCVS server and I had realized that
the anonymously connecting clients could use port forwarding to
bounce TCP connections off the server."


was this fixed meanwhile?

 

Sent: Tuesday, October 18, 2016 at 5:01 PM
From: "Christian Weisgerber" <na...@mips.inka.de>
To: misc@openbsd.org
Subject: Re: SSHowDowN
On 2016-10-18, "Peter Janos" <peterjan...@mail.com> wrote:

> so having AllowTcpForwarding=NO would help.
>
> Why is it yes by default? someone requested it to be yes? does anybody
know?

It has always been like this. OpenSSH inherited it from Ylønen-SSH.

In the beginning, OpenSSH didn't even have a configuration option
to disable port forwarding. Sixteen years ago Markus committed the
diff I had submitted that added the AllowTcpForwarding option.

------------------->
CVSROOT: /cvs
Module name: src
Changes by: mar...@cvs.openbsd.org 2000/10/14 06:12:09

Modified files:
usr.bin/ssh : servconf.c servconf.h serverloop.c session.c
sshd.8

Log message:
AllowTcpForwarding; from naddy@
<-------------------

At the time I was running an AnonCVS server and I had realized that
the anonymously connecting clients could use port forwarding to
bounce TCP connections off the server.

--
Christian "naddy" Weisgerber na...@mips.inka.de
 

Reply via email to