I've released TTSSH 1.5.1: http://www.zip.com.au/~roca/ttssh.html This version fixes a few bugs in the port forwarding code (see below). These fixes should permit LocalForwardingIdentityCheck to be disabled properly, and they should make the check work properly on multihomed hosts. If you're happy with version 1.5, then there is no reason to upgrade. DETAILS There is *nearly* a security problem in 1.5. An off-by-one error means that one entry in the list containing the local host's IP numbers is uninitialized. Therefore a machine with a carefully chosen IP address might be able to get on the list (or a machine with a given IP address might have been able to get that address into the list using extraordinary trickery). However, this turns out to be no problem because another bug binds TTSSH's listening socket to the loopback interface, ensuring that no remote machine can ever connect. (This breaks the "disable LocalForwardingIdentityCheck" feature.) Obviously it's highly undesirable to have security resting on such coincidences, especially when someone else tries to modify the code, so I've released the new version. Thanks to Dean Thompson and Attila Filetoth for their invaluable help. Rob -- [Robert O'Callahan http://www.cs.cmu.edu/~roc 6th year CMU CS PhD student "I have seen the burden God has laid on men. He has made everything beautiful in its time. He has also set eternity in the hearts of men; yet they cannot fathom what God has done from beginning to end." --- Ecclesiastes 3:10-11]
