...making Linux just a little more fun!
[ In reference to "Mailbag" in LG#144 ]
Kapil Hari Paranjape [kapil at imsc.res.in]
Dear TAG-ers,
I am enclosing a qeury received regarding #144.
Regards,
Kapil.
P.S. (to aditya) please do not mail TAG members directly. Use the mailing list address as above instead.
----- Forwarded message from Aditya Bhiday <aditya.bhiday@gmail.com> -----
Date: Sat, 21 Feb 2009 11:18:15 +0530 Subject: Regarding Proxy Tunneling (TLDP) From: Aditya Bhiday <aditya.bhiday@gmail.com> To: kapil@imsc.res.inHi,
I came across a post at http://tldp.org/LDP/LGNET/144/misc/lg/qu[...]om_being_used_as_a_socks_proxy.htmlwhich said that
"AllowTcpForwarding Specifies whether TCP forwarding is permitted. The default is "yes". Note that disabling TCP forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders."
I was just experimenting around with tunneling and as to how to block it. Please could explain to me how one can install their own forwarders if ssh tunneling is blocked, or the name of such a forwarding software?
Thanks,
Regards, Aditya Bhiday
----- End forwarded message -----
Aditya Bhiday [aditya.bhiday at gmail.com]
Oh, I'm sorry. I'm new to mailing lists. I'll keep that in mind.
However when I send a message to mailing list I am not a part of, do I receive the replies to my messages in my Inbox?
Regards, Aditya
Kapil Hari Paranjape [kapil at imsc.res.in]
Hello,
On Sat, 21 Feb 2009 Aditya Bhiday wrote:
> I was just experimenting around with tunneling and as to how to block it. > Please could explain to me how one can install their own forwarders if ssh > tunneling is blocked, or the name of such a forwarding software?
IF:
- shell account access is enabled and - the user of that shell account can install programs and - run these programsthen forwarding is possible.
For example, the user can install "slirp" which takes a tty and converts it into a ppp server. The user can then attach a pppd process to the other end of the tty.
Kapil. --
Aditya Bhiday [aditya.bhiday at gmail.com]
Yes, but if it an ordinary user, with no administrative powers, then just disabling the TCP forwarding in the ssh daemon config should block all tunneling right?
Regards, Aditya
References
Rick Moen [rick at linuxmafia.com]
Quoting Aditya Bhiday (aditya.bhiday@gmail.com):
> Oh, I'm sorry. I'm new to mailing lists. > I'll keep that in mind. > > However when I send a message to mailing list I am not a part of, do I > receive the replies to my messages in my Inbox?
Not automatically. However: (1) TAG mailing list members make a point of CCing querents under the assumption that they are not subscribed, specifically so that you do get copies, and (2) you or anyone else are of course very welcome to join the TAG mailing list. (See URL at bottom.) You might merely find following the discussions to be interesting, and eventually might wish to participate. That's how we get new members of The Answer Gang! ;->
-- Cheers, "Please return all dogmas to their orthodox positions." Rick Moen -- Brad Johnson, in r.a.sf.w.r-j rick@linuxmafia.com
Kapil Hari Paranjape [kapil at imsc.res.in]
Hello,
On Sat, 21 Feb 2009, Aditya Bhiday wrote:
> On Sat, Feb 21, 2009 at 11:39 AM, Kapil Hari Paranjape <kapil@imsc.res.in>wrote: > > For example, the user can install "slirp" which takes a tty and > > converts it into a ppp server. The user can then attach a pppd > > process to the other end of the tty.
> Yes, but if it an ordinary user, with no administrative powers, then just > disabling the TCP forwarding in the ssh daemon config should block all > tunneling right?
An "ordinary" user with a shell account can generally download a program to their home directory and run it. So I don't understand your remark.
Kapil. --