On Tue, 2006-01-24 at 17:57, Maciej Żenczykowski wrote:
Hmm - we're through the firewall! and we can connect to ANY port that the server is allowed to connect to (both on the server and in the local network). We can use this to connect to the SMTP port and send mail as if from localhost - in effect we've an open relay.
Note: I know this can be turned off in the sshd_config file for all users - but that limits usability of the ssh server. Normal users should normally be allowed to do port-forwarding (they can do it anyway if they have shell access).
Note also that the authorized_keys file can contain appropriate keywords (no-port-forwarding, no-X11-forwarding, no-agent-forwarding) (see man sshd_config) to make the above fail, but is your server configured properly?
I'd agree that the nx user's authorized_keys file should contain this directive by default if it isn't needed by the protocol. Do you know the right place to post a bug?
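
One way to answer the "is your server configured properly?" question for a given authorized_keys file, as an added example that is not part of the original thread or of any project's code: it parses each key line's options field (quoted values may contain commas and spaces) and reports keys that lack the three restrictions named above. Assumptions: the function names and the sample lines are constructed for illustration, the key-type pattern covers only common types, and the `restrict` keyword comes from OpenSSH releases newer than this thread.

```python
import re

# Restrictions named in the thread; option keywords are case-insensitive.
REQUIRED = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding")
# Assumption: these patterns cover the key types that can start a line.
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# First whitespace-delimited field / one option; quoted values stay intact.
FIELD = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')
OPTION = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')

# Constructed sample; key material and the forced-command path are placeholders.
SAMPLE = """\
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/path/to/forced-command" ssh-dss AAAAPLACEHOLDER nx@host
command="echo a, b",no-port-forwarding ssh-rsa AAAAPLACEHOLDER user@host
# a comment line
ssh-rsa AAAAPLACEHOLDER admin@host
restrict,port-forwarding ssh-ed25519 AAAAPLACEHOLDER ops@host
"""

def split_options(line):
    """Return the option list of one authorized_keys line ([] if it has none)."""
    m = FIELD.match(line)
    field = m.group(0) if m else ""
    return [] if KEY_TYPE.match(field) else OPTION.findall(field)

def audit(text):
    """Return [(line_number, [missing restrictions])] for keys that allow forwarding."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        names = {o.split("=", 1)[0].lower() for o in split_options(line)}
        # "restrict" counts as covering a restriction unless the matching
        # re-enable keyword (e.g. "port-forwarding") is also on the line.
        missing = [r for r in REQUIRED if r not in names
                   and not ("restrict" in names and r[3:] not in names)]
        if missing:
            findings.append((n, missing))
    return findings

if __name__ == "__main__":
    for n, missing in audit(SAMPLE):
        print(f"line {n}: missing {', '.join(missing)}")
```
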