Re: OpenSSH-Client without reverse tunnel ability

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 2018-04-05T14:07, Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote:
> On Thu, Apr 5, 2018 at 7:13 AM, Jan Bergner <jan.bergner@xxxxxxxxxxx> wrote:
> > Hello all.
> >
> > First of all, I want to extend my sincere thanks to all the people who
> > came to the rescue so quickly.
> >
> > In any case, there is obviously room for clarification on my part, so I
> > will try to describe the situation we had in more detail.
> >
> > In short:
> > Employees used the openssh-*client* from *within* our company network to
> > create a *reverse* SSH tunnel, using an *external* SSH-Server. We
> > control the Clients but not the servers.
> > So, we wanted to restrict our *Clients*.
> 
> How difficult would it be to leave a scheduled security check to look
> for "ssh[ \t].*-R.*" expressions with "pgrep", and file a security
> abuse report if such processes are seen? It could be worked around,
> but should catch the most blatant abusers.so they can be notified of
> inappropriate behavior.

Additionally, one could grep home directories for relevant configuration
statements in ~/.ssh/config. However that would be necessarily
incomplete, because the other relevant config is ~/.ssh/authorized_keys
on the remote end.



Ciao,

Alexander Wuerstlein.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux