Detecting SSH tunnels on a linux firewall

Matthew Walker rorith at
Wed Jan 10 10:51:28 MST 2007

On Wed, January 10, 2007 10:47 am, Dave Long wrote:
> This situation where the user is ssh'ing to an outside box (from
> inside the network) to a box presumably with squid is what I am trying
> to determine.  I do not want to be an evil admin and block all ssh
> access.

Barring statistical analysis of their traffic patterns, I don't believe
there is any way to stop it. Maybe an expert in SSH and routers can chime
in, but I don't think there's a 'nice' way.

One possibility, if they must have external SSH access, is to allow them to
SSH to a DMZ server, and from there, SSH outside the network. This would
block direct tunnels, and you could configure the SSH daemon and clients
on the DMZ to not allow tunnelling.

Matthew Walker
Kydance Hosting & Consulting
LAMP Specialist
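The DMZ-hop suggestion above depends on the sshd_config of that hop box. As an added example that is not part of this thread, the following Python audit parses an sshd_config and reports which forwarding directives still permit tunnels, resolving OpenSSH defaults and Match-block inheritance (the defaults are assumed from OpenSSH documentation; both sample configs are constructed).

```python
import re

# OpenSSH defaults for the tunnel-related directives, and the value a
# no-tunnel DMZ hop should enforce (defaults assumed from OpenSSH docs).
TUNNEL_DIRECTIVES = {                            # keyword: (default, required)
    "allowtcpforwarding": ("yes", "no"),         # -L/-R/-D port forwarding
    "allowstreamlocalforwarding": ("yes", "no"), # Unix-socket forwarding
    "permittunnel": ("no", "no"),                # tun/tap tunnels
    "gatewayports": ("no", "no"),                # remote forwards on 0.0.0.0
    "allowagentforwarding": ("yes", "no"),
    "x11forwarding": ("no", "no"),
}

def parse_sshd_config(text):
    """Return (global_opts, [(match_criteria, opts), ...]); keywords lowercased.
    sshd honours the first occurrence of a keyword in a scope, as done here."""
    global_opts, matches, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # strip comments
        if not line:
            continue
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)", line)  # "Key val" / "Key=val"
        key, value = (m.group(1), m.group(2).strip()) if m else (line, "")
        if key.lower() == "match":                     # new Match scope
            current = {}
            matches.append((value, current))
            continue
        (global_opts if current is None else current).setdefault(key.lower(), value)
    return global_opts, matches

def tunnel_findings(text):
    """List (scope, directive, effective_value) wherever tunnelling is still
    permitted, resolving OpenSSH defaults and Match-block inheritance."""
    global_opts, matches = parse_sshd_config(text)
    scopes = [("global", {})] + [("Match " + c, o) for c, o in matches]
    findings = []
    for scope, overrides in scopes:
        for directive, (default, required) in TUNNEL_DIRECTIVES.items():
            value = overrides.get(directive, global_opts.get(directive, default)).lower()
            if value != required:
                findings.append((scope, directive, value))
    return findings

# Constructed samples: a stock-looking config and the hardened DMZ-hop config.
WEAK_CONFIG = "Port 22\nPermitRootLogin no\nX11Forwarding no\n" \
              "Match User backup\n    AllowTcpForwarding no\n"
HARDENED_CONFIG = ("AllowTcpForwarding no\nAllowStreamLocalForwarding no\n"
                   "PermitTunnel no\nGatewayPorts no\n"
                   "AllowAgentForwarding no\nX11Forwarding no\n")
```

The server-side directives are the enforceable part: client-side ssh_config on the DMZ host only shapes the default client and cannot stop a user from bringing their own binary or options.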

More information about the PLUG mailing list