Sylvain Beucler <[EMAIL PROTECTED]> tapota : > On Tue, Jan 04, 2005 at 12:04:06PM +0100, Mathieu Roy wrote: >> > Incidentally, one can use port forwarding at Gna!, hence make Gna! do >> > unwanted connections, for example: >> > >> > $ ssh [EMAIL PROTECTED] -L 8080:www.gnu.org:80 "cvs server" >> > $ links http://localhost:8080 >> > >> > So, the feature has some usefulness, allowing to make a kind of >> > special sshd_config for Savane-managed users, but I hesitate about >> > including it. >> >> Hum, as we provide ssh access, I guess we can assume that using -L is >> ok. Shouldn't we? > > Not sure; especially in the case where Gna! is used that way as a > gateway to perform an attack or other nasty things. > > Likewise, we provide SSH but we do not provide shell access. > > What do you think?
I am not sure to understand your example. In your exemple, you asked for a CVS server command. A command you must allow anyway in order to provide CVS over SSH. So one can do port forwarding with a legitimate command. What's the point? What the problem? Saying "we provide SSH" looks meaningless to me. You provide different kind of access _with SSH_. If you force usage of a command inside the authorized_keys files, you give a shell that can only run this command. You are still, somehow providing a shell. Now, one someone can perform an attack with a "cvs server" command, and how can you provide ssh access without allowing "cvs server" commands from authentified users? As far I can tell, port forwarding is a feature like X11 forwarding or else. It can be convenient to users but in no way it grants rights that would not be already given by the shell access they use. If it was not working that way, we could assume that ssh would be severely flawed, breaking security of almost 99% of servers using it -hard to believe.
