Rick Warner wrote:

>Scenario: dangerous user A, who knows enough to do harm but not enough to
>know he is dangerous, decides that Company Z does not allow all the
>protocols he wants to/from his home network. Company Z policy is that NO
>in-bound traffic is allowed, but that outbound traffic for HTTP/S, SSH,
>FTP is permitted. User A then sets up an outbound tunnel to his home
>network using SSH,

>This is why the tunnelling features need to be completely separated, IMHO.

Yes, I see your point. But it wouldn't be too hard to write a wrapper to
prevent your system ssh from allowing that (disallowing cmd line options
that you don't like, hardcoding certain other options).

Granted, this won't stop someone from installing their own forwarders (or
even another ssh client) in their home directory ... but that's a
different problem, unrelated to ssh.

-d

--
David Talkington
PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp
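
A sketch of the kind of wrapper described in the message above, added here as an example and not part of the original post. It assumes an OpenSSH client; the `REAL_SSH` path and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: policy wrapper installed under the name "ssh".
# REAL_SSH is an assumed location for the renamed vendor binary.
REAL_SSH=${REAL_SSH:-/usr/libexec/openssh/ssh.real}

# ssh_args_allowed ARGS...: return 0 if no forwarding or tunnel option
# is requested on the command line, 1 otherwise.
ssh_args_allowed() {
    seen_host=0
    while [ $# -gt 0 ]; do
        word=$1; shift
        case $word in
            --) continue ;;              # conservative: keep scanning past "--"
            -?*) flags=${word#-} ;;      # one or more clustered flags
            *)  # first bare word is the host; a second one starts the remote command
                [ "$seen_host" -eq 1 ] && return 0
                seen_host=1; continue ;;
        esac
        while [ -n "$flags" ]; do
            rest=${flags#?}; c=${flags%"$rest"}; flags=$rest
            case $c in
                # port forwards, tun devices, jump hosts, and the options
                # (-o, -F, -e) that could bring them back or undo the defaults
                L|R|D|w|W|J|o|F|e) return 1 ;;
                # other flags that take a value: skip the value
                b|c|i|l|m|p|B|E|I|O|Q|S)
                    [ -z "$flags" ] && [ $# -gt 0 ] && shift
                    flags= ;;
            esac
        done
    done
    return 0
}

main() {
    if ! ssh_args_allowed "$@"; then
        echo "ssh: forwarding and tunnel options are disabled by site policy" >&2
        return 1
    fi
    # Hardcoded options: drop forwards set in config files, no tun device,
    # no escape character (so no "~C" prompt to add forwards mid-session).
    exec "$REAL_SSH" -o ClearAllForwardings=yes -o Tunnel=no -e none "$@"
}

# Run only when invoked as "ssh", so the file can also be sourced for testing.
case ${0##*/} in ssh) main "$@" ;; esac
```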
