Detecting SSH tunnels on a linux firewall

Matthew Walker rorith at kydance.net
Wed Jan 10 10:51:28 MST 2007


On Wed, January 10, 2007 10:47 am, Dave Long wrote:
> This situation where the user is ssh'ing to an outside box (from
> inside the network) to a box presumably with squid is what I am trying
> to determine.  I do not want to be an evil admin and block all ssh
> access.
>

Barring statistical analysis of their traffic patterns, I don't believe
there is any way to stop it. Maybe an expert in SSH and routers can chime
in, but I don't think there's a 'nice' way.

One possibility, if they must have external SSH access, is to allow them to
SSH to a DMZ server, and from there, SSH outside the network. This would
block direct tunnels, and you could configure the SSH daemon and clients
on the DMZ to not allow tunnelling.

-- 
Matthew Walker
Kydance Hosting & Consulting
LAMP Specialist
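As an added example (not part of this thread), a small POSIX-shell audit of the sshd_config on such a DMZ host, checking that the forwarding keywords are effectively off. The function names are my own; it assumes awk is available, and it reads only the global section, stopping at the first Match block.

```shell
#!/bin/sh
# Audit an sshd_config for tunnelling/forwarding options. sshd uses the
# FIRST value given for each keyword (see sshd_config(5)), so a hardened
# line appended at the end of the file is ignored if an earlier line
# already sets that keyword. Lines after the first "Match" block are
# skipped here, since those apply conditionally, not globally.

# sshd_effective KEYWORD FILE -> prints the effective global value, or
# nothing if the keyword is not set (sshd's default then applies)
sshd_effective() {
    kw=$1; file=$2
    awk -v kw="$kw" '
        /^[[:space:]]*#/ || NF == 0 { next }                   # comment/blank
        tolower($1) == "match" { exit }                        # end of globals
        tolower($1) == tolower(kw) { print tolower($2); exit } # first wins
    ' "$file"
}

# sshd_tunnel_hardened FILE -> exit 0 if every forwarding option is "no",
# otherwise prints each weak setting and exits 1
sshd_tunnel_hardened() {
    file=$1; rc=0
    # keyword:sshd-default pairs (defaults as documented in sshd_config(5))
    for pair in AllowTcpForwarding:yes PermitTunnel:no GatewayPorts:no \
                X11Forwarding:no AllowStreamLocalForwarding:yes; do
        kw=${pair%%:*}; def=${pair#*:}
        val=$(sshd_effective "$kw" "$file")
        [ -z "$val" ] && val=$def   # keyword absent: default applies
        # values such as "local", "remote" or "point-to-point" are
        # also flagged, since anything but "no" permits some forwarding
        if [ "$val" != "no" ]; then
            echo "WEAK: $kw is '$val' (should be 'no')"
            rc=1
        fi
    done
    return $rc
}
```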
