Firewall Wizards mailing list archives

Re: Summary: SSH through firewall


From: "Jan B. Koum " <jkb () best com>
Date: Wed, 28 Jul 1999 00:54:20 -0700

On Mon, Jul 26, 1999 at 10:23:40AM +0200, "Ginsberg Rainer (QI/INF4) *" <Rainer.Ginsberg () de bosch com> wrote:
Some time ago I asked you wizards about the security 
of ssh from a trusted network to an untrusted network 
through a firewall. Thanks to all who responded.

This is my summary:

1) Most security threats come from insiders.
2) The -R option allows insiders to forward all kinds of 
   traffic from the untrusted network to the trusted 
   network.
3) There is no ssh proxy for application gateways that 
   is able to disallow the -R option of ssh.

Therefore, I will not allow ssh through "my" firewall.

        Uhm.. Hi Ginsberg. Just how do you intend on doing that? What if
there is sshd running on port 80? Ohh, you mean you only allow socks
application? Gee -- I go build ssh using --with-socks option then ;)

        If you allow http/https/telnet/etc through your firewall, you should
allow ssh. Just MHO.

-- Yan
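
Added example, not part of the original message: since sshd can listen on port 80, a port-based rule cannot tell SSH from HTTP, so this sketch checks the server's first bytes for the SSH identification string (RFC 4253, section 4.2) instead. The flow tuples, addresses and banners are constructed sample data, and the function names are hypothetical.

```python
import re

# RFC 4253 section 4.2: each side opens with "SSH-protoversion-softwareversion".
# The pattern also accepts older 1.x version strings (e.g. SSH-1.5-...).
SSH_IDENT = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)")

def ssh_ident(first_bytes):
    """Return (protoversion, software) if the server's first bytes contain an
    SSH identification string, else None. A server may send other lines
    before the version string, so every line is checked."""
    for line in first_bytes.split(b"\n"):
        m = SSH_IDENT.match(line.rstrip(b"\r"))
        if m:
            return m.group(1).decode(), m.group(2).decode()
    return None

def flag_ssh_flows(flows, allowed_ports=frozenset()):
    """flows: iterable of (src, dst, dst_port, server_first_bytes).
    Returns the flows that speak SSH on a port not in allowed_ports."""
    hits = []
    for src, dst, port, payload in flows:
        ident = ssh_ident(payload)
        if ident and port not in allowed_ports:
            hits.append((src, dst, port) + ident)
    return hits

# Constructed sample flows (documentation addresses, made-up banners).
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 80, b"HTTP/1.0 200 OK\r\nServer: example\r\n\r\n"),
    ("10.0.0.7", "192.0.2.20", 80, b"SSH-1.5-1.2.27\n"),
    ("10.0.0.8", "192.0.2.30", 443, b"\x16\x03\x01\x00\x4a\x02\x00\x00\x46"),
    ("10.0.0.9", "192.0.2.40", 8080, b"Welcome\r\nSSH-2.0-ExampleSSH_1.0 comment\r\n"),
]

if __name__ == "__main__":
    for src, dst, port, proto, software in flag_ssh_flows(SAMPLE_FLOWS):
        print("SSH on port %d: %s -> %s (proto %s, %s)"
              % (port, src, dst, proto, software))
```

The check only sees what is visible in cleartext at the inspection point; an SSH session wrapped inside another encrypted channel shows no banner there.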


