FM wrote:
Yes the -R, ... And I am part of the network team LOL
Allowing inbound ssh w/ shell access means that your network perimeter/firewall is swiss cheese.
I'm assuming that disallowing inbound ssh is not an option. If that's the case, then you can't do anything to guarantee that folks can't do things you don't want them to do. You can set the directives:
AllowTcpForwarding no
GatewayPorts no
However, the sshd_config man page has this to say about AllowTcpForwarding:
"Note that disabling TCP forwarding does not improve secu-
rity unless users are also denied shell access, as they can
always install their own forwarders."
Hugh
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
