Am 05.04.2018 um 14:11 schrieb Alexander Wuerstlein: > On 2018-04-05T14:07, Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote: >> How difficult would it be to leave a scheduled security check to >> look for "ssh[ \t].*-R.*" expressions with "pgrep", and file a >> security abuse report if such processes are seen? It could be >> worked around, but should catch the most blatant abusers.so they >> can be notified of inappropriate behavior. > > Additionally, one could grep home directories for relevant > configuration statements in ~/.ssh/config. However that would be > necessarily incomplete, because the other relevant config is > ~/.ssh/authorized_keys on the remote end. Yeah, we thought of these options, too and I assume we will eventually go with them, but as was pointed out, these approaches are simple, et incomplete. That's why we asked in the first place. However, since there does not seem to be any reasonable alternative short than doing way more elaborated software development ourselves, these will have to do. Therefore, I consider this matter closed. Thanks again to everybody who helped. Best regards, Jan
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
