SSH Tunneling: Difference between revisions

From HPCWIKI
Jump to navigation Jump to search
Line 13: Line 13:
Leaving port forwarding enabled can expose the organization to security risks and back-doors.
Leaving port forwarding enabled can expose the organization to security risks and back-doors.


'''So make sure SSH AllowTcpForwarding is disabled state in your server.'''
'''<u>So make sure SSH AllowTcpForwarding is disabled state in your server.</u>'''
 


SSH tunnels are widely used in many enterprise environments that employ mainframe systems as their application backends. In those environments the applications themselves may have very limited native [[support]] for security. By utilizing tunneling, compliance with SOX, HIPAA, PCI-DSS, and other standards can be achieved without having to modify the applications.<ref>https://www.tenable.com/audits/items/CIS_Distribution_Independent_Linux_Workstation_L2_v2.0.0.audit:442b5a19a23bed7f8ac3fff5a9c41c01</ref>
SSH tunnels are widely used in many enterprise environments that employ mainframe systems as their application backends. In those environments the applications themselves may have very limited native [[support]] for security. By utilizing tunneling, compliance with SOX, HIPAA, PCI-DSS, and other standards can be achieved without having to modify the applications.<ref>https://www.tenable.com/audits/items/CIS_Distribution_Independent_Linux_Workstation_L2_v2.0.0.audit:442b5a19a23bed7f8ac3fff5a9c41c01</ref>

Revision as of 08:56, 4 May 2023

Background

SSH port forwarding is a mechanism in SSH for tunneling application ports from the client to the server, or servers to clients. It can be used for adding encryption to legacy applications, going through firewalls, and some system administrators and IT professionals use it for opening backdoors into the internal network.

Enable or disable SSH port forwarding

/etc/ssh/sshd_config has parameter


AllowTcpForwarding no|yes


Leaving port forwarding enabled can expose the organization to security risks and back-doors.

So make sure SSH AllowTcpForwarding is disabled state in your server.

SSH tunnels are widely used in many enterprise environments that employ mainframe systems as their application backends. In those environments the applications themselves may have very limited native support for security. By utilizing tunneling, compliance with SOX, HIPAA, PCI-DSS, and other standards can be achieved without having to modify the applications.[1]

Reference

  1. https://www.tenable.com/audits/items/CIS_Distribution_Independent_Linux_Workstation_L2_v2.0.0.audit:442b5a19a23bed7f8ac3fff5a9c41c01
Retrieved from "http://wiki.hpcmate.com/index.php?title=SSH_Tunneling&oldid=775"