
Emulating ssh's -D option, if TCP forwarding is disabled

Subject: Emulating ssh's -D option, if TCP forwarding is disabled
Date: 11 Nov 2006 12:38:01 +0100
Hello,

in man sshd_config there's written (see also thread "disabling of TCP
forwarding ineffective?" started on Wed, 1 Nov 2006 17:09:36 -0800
(PST)):

| AllowTcpForwarding
| 
| Specifies whether TCP forwarding is permitted. The default is “yes”.
| Note that disabling TCP forwarding does not improve security unless
| users are also denied shell access, as they can always install their
| own forwarders.

What's the easiest way to install such a forwarder? It shall support
the ``local “dynamic” application-level port forwarding'' (man
sshd), see option -D for ssh.

Here are some details (LH == local host, RH == remote host):

- An ordinary user can establish ssh connections from LH to RH, but
  configuration of sshd on remote_host has set AllowTcpForwarding=No.

- On LH there's an application LA which listens on a given port and
  provides a SOCKS4 interface.

- On RH there's an application RA which operates on standard input and
  output like a typical daemon that can be launched by inetd.
  Actually RA will be launched by ssh -t.

- The services provided by LA will be executed by RA. So there must be
  some bidirectional transfer between LA and RA via ssh -t.

Are there already applications LA and RA like above? Or are there
similar applications, which can easily be enhanced by configuration
or programming?

I think the hacks mentioned in the thread "disabling of TCP forwarding
ineffective?" are not a sufficient solution, because:

- netcat works as a one shot server, but a continual server is needed
- a SOCKS interface is needed rather than just a simple port
  forwarding

Just an idea: maybe there's somewhere a variant of SSHD which differs
to the original SSHD in these features:

- The variant can be configured also by the user, not only by root
  (somewhat a local sshd_config).
- Login is not needed. That is done by the original SSH connection.
- Even encryption is not needed for the same reason. TCP forwarding is
  the feature that shall definitively stay.

If you feel that I'm posting to the wrong list, can anyone recommend
me a better one, please?

Regards
  Thomas
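
The caveat in the quoted sshd_config text, as an added example that is not part of the original post: a Python check that flags sections of an sshd_config where AllowTcpForwarding is "no" but no ForceCommand restricts the session, so the setting is not acting as a security boundary. The sample configuration and the names in it are constructed, and treating ForceCommand as the stand-in for "denied shell access" is an assumption (login shells are not inspected, and overlapping Match blocks are not merged).

```python
import re

# Defaults assumed here: forwarding permitted, no forced command.
DEFAULTS = {"allowtcpforwarding": "yes", "forcecommand": "none"}
FINDING = "TCP forwarding disabled but shell access remains"

def parse_sections(text):
    """Split config text into (match_criteria, options); None means global."""
    sections = [(None, {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept both "Keyword value" and "Keyword=value".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            sections.append((value, {}))
        else:
            # Keep the first value seen for a keyword within a section.
            sections[-1][1].setdefault(key, value)
    return sections

def audit(text):
    """Return (section, finding) pairs where disabling forwarding is not a boundary."""
    sections = parse_sections(text)
    global_opts = sections[0][1]
    findings = []
    for criteria, opts in sections:
        # A Match block overrides the global value; otherwise fall back to the default.
        eff = {k: opts.get(k, global_opts.get(k, d)).lower()
               for k, d in DEFAULTS.items()}
        if eff["allowtcpforwarding"] == "no" and eff["forcecommand"] == "none":
            findings.append((criteria or "global", FINDING))
    return findings

# Constructed sample configuration (group and user names are hypothetical).
SAMPLE = """\
AllowTcpForwarding=No
Match Group sftponly
    ForceCommand internal-sftp
Match User builder
    AllowTcpForwarding yes
"""

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```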
