freenx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

> Hmm - we're through the firewall! and we can connect to ANY port that the 
> server is allowed to connect to (both on the server and in the local 
> network).  We can use this to connect to the SMTP port and send mail as if 
> from localhost - in effect we've an open relay.

Note: I know this can be turned of in the sshd_config file for all users - 
but that limits usability of the ssh server.  Normal users should normally 
be allowed to do port-forwarding (they can do it anyway if they have shell 
access).

Note also that the authorized_keys file can contain appropriate keywords
(no-port-forwarding, no-X11-forwarding, no-agent-forwarding)
(see man sshd_config) to make the above fail, but is your server 
configured properly?

Cheers,
MaZe.
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux