Sylvain Beucler <[EMAIL PROTECTED]> typed:
>>
>> I am not sure I understand your example. In your example, you asked
>> for a CVS server command. A command you must allow anyway in order to
>> provide CVS over SSH.
>>
>> So one can do port forwarding with a legitimate command. What's the
>> point? What's the problem?
>
> The problem is not "cvs server", it is the -L option (that can be done
> only if I can execute a valid remote command).
>
> Then, I think one can do -L8080:mail.gna.org:25 and send spam from
> inside Gna!, for example.

Would you like to do a test?

>> Now, one someone can perform an attack with a "cvs server" command,
>> and how can you provide ssh access without allowing "cvs server"
>> commands from authenticated users?
>
> You still provide cvs server, but you then disable port-forwarding.
>
> And since, as a sysadmin, you may need port-forwarding for your own
> needs, it may be a solution to put it in users' ~/authorized_keys
> instead of in sshd_config (but see below).

     AllowTcpForwarding
             Specifies whether TCP forwarding is permitted.  The default is
             ``yes''.  Note that disabling TCP forwarding does not improve
             security unless users are also denied shell access, as they can
             always install their own forwarders.

As sysadmin, you have unrestricted shell access. So there's no need
for you to do something specific with ~/authorized_keys.

If you want to disable port forwarding, you should reconfigure your
daemon. I'm still unconvinced by the logic of using ~/ to store files
on which security depends.
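
An added example, not part of the thread: a Python check that reads authorized_keys entries and reports every key that can still request TCP forwarding, which is the per-key approach discussed above. The option names (no-port-forwarding, restrict, port-forwarding, command=) are from OpenSSH's authorized_keys format; the sample file, the function names and the assumption that options apply left to right are constructed for this illustration.

```python
# Constructed sample: key material and account names are placeholders.
SAMPLE = '''\
# CVS-only accounts
command="cvs server" ssh-rsa AAAAB3NzaC1yc2E-constructed alice@example
command="cvs server",no-port-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2E-constructed bob@example
restrict,command="cvs server" ssh-ed25519 AAAAC3NzaC1lZDI1-constructed carol@example
ssh-rsa AAAAB3NzaC1yc2E-constructed admin@example
'''

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line starting like this has no options


def split_options(line):
    """Split one entry into (options, rest); quoted values may hold , or spaces."""
    if line.startswith(KEY_PREFIXES):
        return [], line
    opts, cur, quoted = [], "", False
    for i, c in enumerate(line):
        if c == '"' and not cur.endswith("\\"):
            quoted = not quoted
        if not quoted and c in ", \t":
            opts.append(cur)
            cur = ""
            if c != ",":  # first unquoted blank ends the option field
                return opts, line[i:].strip()
        else:
            cur += c
    return opts + [cur], ""


def forwarding_allowed(opts):
    """Assumption: options apply left to right, so the last one wins."""
    allowed = True  # no option at all means forwarding is permitted
    for opt in opts:
        name = opt.split("=", 1)[0].lower()
        if name in ("restrict", "no-port-forwarding"):
            allowed = False
        elif name == "port-forwarding":
            allowed = True
    return allowed


def audit(text):
    """Return (line number, key comment, forced command) per forwarding-capable key."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        if forwarding_allowed(opts):
            forced = next((o.split("=", 1)[1].strip('"') for o in opts
                           if o.lower().startswith("command=")), None)
            findings.append((n, rest.split()[-1], forced))
    return findings
```

An entry reported with a forced command is the case raised in the thread: the account is limited to "cvs server" but can still open -L tunnels. An entry reported with no forced command has shell access, where the man page note quoted above applies.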