On Sat, 2002-03-16 at 15:48, David Talkington wrote:
>
> Cameron Simpson wrote:
>
> >Personally I would opt for the "allow outbound ssh to a set of trusted
> >users" approach if possible. At my workplace we're fairly fortunate; most
> >of our users are either category 1, and thus in the trusted class. Most
> >others are category 3 and can be told why we don't like them to forward
> >whatever weird dangerous protocol they wanted and how to arrange their
> >specific need more safely. Our few category 4 users don't know enough
> >to want ssh outbound.
>
> The problem there, of course, is that unless you are able to guarantee
> that your users cannot install any software of their own, your
> category 4's can always get around this.
Right. That's why I suggested allowing outbound SSH only from a few trusted hosts. 'Trusted' in this case means that they are controlled by the network admins, and not their users. Anyone who needs to ssh out gets an account on a trusted host, and can use the ssh there provided. No TCP tunnels are allowed by the ssh or sshd on those hosts.
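As an added example that is not part of this thread: a POSIX shell check a network admin could run on each trusted host to confirm its sshd really refuses the tunnels the message describes. It assumes OpenSSH's `sshd -T` output format and an assumed four-setting policy (AllowTcpForwarding, PermitTunnel, X11Forwarding and GatewayPorts all set to no); `audit_sshd_forwarding` and `SAMPLE_WEAK` are names chosen here.

```shell
#!/bin/sh
# Audit the effective sshd configuration of a "trusted" ssh host for the
# forwarding-related settings that a no-tunnels policy needs.  Input is the
# output of `sshd -T` (one "keyword value" pair per line, keywords in lower
# case), read from a file given as $1 or from stdin.  Prints one line per
# violation and returns 0 only when every required setting is in place.

# Assumed policy for the trusted host: no TCP port forwarding, no tun/tap
# tunnels, no X11 forwarding, no remote listeners on non-loopback addresses.
REQUIRED="allowtcpforwarding=no permittunnel=no x11forwarding=no gatewayports=no"

audit_sshd_forwarding() {
    _config=$(cat "${1:-/dev/stdin}")
    _rc=0
    for _pair in $REQUIRED; do
        _key=${_pair%%=*}
        _want=${_pair#*=}
        # Last occurrence of a keyword wins; a keyword that never appears is
        # reported as <unset> rather than silently assumed compliant.
        _got=$(printf '%s\n' "$_config" |
            awk -v k="$_key" '$1 == k { v = $2 } END { print (v == "" ? "<unset>" : v) }')
        if [ "$_got" != "$_want" ]; then
            printf 'VIOLATION: %s is %s, policy requires %s\n' "$_key" "$_got" "$_want"
            _rc=1
        fi
    done
    return $_rc
}

# Constructed sample in `sshd -T` format, representing a host that still has
# OpenSSH's default forwarding settings; not taken from any real system.
SAMPLE_WEAK='port 22
allowtcpforwarding yes
permittunnel no
x11forwarding yes
gatewayports no'

# Try the check on the constructed sample, then on a live host:
#   printf '%s\n' "$SAMPLE_WEAK" | audit_sshd_forwarding
#   sshd -T | audit_sshd_forwarding       # needs root to read the host keys
```

The ssh client on the trusted host cannot be locked down the same way: ssh_config values are overridden by command-line options such as -L, so that half of the policy needs a restricted shell or a wrapper around ssh rather than a configuration file.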