Detecting SSH tunnels on a linux firewall

Wed Jan 10 14:57:35 MST 2007

Gabriel Gunderson wrote:
> On Wed, 2007-01-10 at 10:47 -0700, Dave Long wrote:
>> This situation where the user is ssh'ing to an outside box (from
>> inside the network) to a box presumably with squid is what I am trying
>> to determine.  I do not want to be an evil admin and block all ssh
>> access.
> Sounds like the bigger problem is a trust issue.  There are many ways
> *technically* to approach the situation (some clearly better then
> others), but maybe management should be made aware of her behavior and
> they can handle it based on an established code of conduct.  You can
> then do what you (presumably) love - work on technical issues.  I know
> when I adopted this approach, it made my job much more pleasant.
> Besides, who wants to work with people they can't trust? :)

I had the same thought, and I'll add that I'm one of those people who 
are tunneling to a private Squid server.  I do that not because I want 
to misbehave, but because our filtering proxy blocks innocent Internet 
access quite often (for example, Subversion, IRC, and the entire Google 
cache) and I need them to do my job.  Coordinate with the people running 
private tunnels and with management.

Ideally, IMHO, you should provide unfiltered Internet access to those 
who need it (presuming they are also trustworthy), so that they don't 
have to waste their time setting up tunnels.
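One way to get at the question the thread opened with (whether an outbound ssh session from inside the network is carrying a proxy tunnel rather than an interactive shell), as an added example that is not code from any poster in this thread: a tunnel to a remote Squid moves bulk web content back over the ssh connection, so the reply direction of that one tcp/22 flow shows large, full-sized packets, while a shell session stays at tiny keystroke-sized packets. On a Linux firewall the per-flow counters can be read from the conntrack table. This assumes connection accounting is turned on (sysctl net.netfilter.nf_conntrack_acct=1) so that `conntrack -L` prints packets= and bytes= for both directions; the sample lines, addresses and thresholds below are constructed for illustration.

```python
"""Heuristic flagging of outbound ssh flows that look like tunnels, read from
the conntrack table of a Linux firewall.

Assumptions (not from the original thread): nf_conntrack accounting is enabled
so `conntrack -L` prints per-direction packets= and bytes= counters, and the
firewall sits between the inside hosts and the Internet. The thresholds are
illustrative starting points, not tuned values.
"""
import re
from dataclasses import dataclass

# Constructed sample of `conntrack -L` output (not captured from a real box).
# First src=/dst=/packets=/bytes= group is the original direction, the second
# group is the reply direction.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=203.0.113.7 sport=51234 dport=22 packets=1203 bytes=96240 src=203.0.113.7 dst=10.0.0.5 sport=22 dport=51234 packets=1450 bytes=139200 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=10.0.0.9 dst=203.0.113.40 sport=40022 dport=22 packets=48120 bytes=6254000 src=203.0.113.40 dst=10.0.0.9 sport=22 dport=40022 packets=61200 bytes=84470000 [ASSURED] mark=0 use=1
tcp      6 300 ESTABLISHED src=10.0.0.12 dst=198.51.100.3 sport=33010 dport=443 packets=900 bytes=70000 src=198.51.100.3 dst=10.0.0.12 sport=443 dport=33010 packets=1100 bytes=1200000 [ASSURED] mark=0 use=1
udp      17 29 src=10.0.0.5 dst=10.0.0.1 sport=5353 dport=53 packets=1 bytes=70 src=10.0.0.1 dst=10.0.0.5 sport=53 dport=5353 packets=1 bytes=120 mark=0 use=1
"""

KV = re.compile(r"(\w+)=(\S+)")


@dataclass
class Flow:
    proto: str
    src: str          # inside host that opened the connection
    dst: str          # outside host it connected to
    dport: int
    orig_pkts: int
    orig_bytes: int
    reply_pkts: int
    reply_bytes: int


def parse_conntrack(text):
    """Parse `conntrack -L` lines into Flow records; lines without both
    packet/byte counter groups (accounting off) are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto = line.split()[0]
        vals = {}
        for key, value in KV.findall(line):
            vals.setdefault(key, []).append(value)
        try:
            flows.append(Flow(
                proto,
                vals["src"][0], vals["dst"][0], int(vals["dport"][0]),
                int(vals["packets"][0]), int(vals["bytes"][0]),
                int(vals["packets"][1]), int(vals["bytes"][1]),
            ))
        except (KeyError, IndexError, ValueError):
            continue
    return flows


def looks_like_tunnel(flow, min_reply_bytes=10_000_000, min_avg_reply_pkt=700):
    """An interactive ssh session sends small packets in both directions.
    A tunnel fetching web pages through a remote proxy pulls bulk data back,
    so the reply direction shows many large packets. Both thresholds are
    illustrative assumptions."""
    if flow.proto != "tcp" or flow.dport != 22 or flow.reply_pkts == 0:
        return False
    avg_reply_pkt = flow.reply_bytes / flow.reply_pkts
    return flow.reply_bytes >= min_reply_bytes and avg_reply_pkt >= min_avg_reply_pkt


def suspected_tunnels(text, **thresholds):
    """Return (inside_host, outside_host) pairs whose ssh flow looks like a tunnel."""
    return [(f.src, f.dst) for f in parse_conntrack(text)
            if looks_like_tunnel(f, **thresholds)]


if __name__ == "__main__":
    for src, dst in suspected_tunnels(SAMPLE_CONNTRACK):
        print(f"possible ssh tunnel: {src} -> {dst}:22")
```

On the constructed sample only the 10.0.0.9 flow is flagged: its reply side carries about 84 MB in full-sized packets, which is what a tunneled Squid session looks like, while the 10.0.0.5 session averages under 100 bytes per reply packet and reads as a shell. This is a lead, not proof: scp, rsync or git over ssh produce the same counters, and a tunnel used only for light browsing can stay under the byte threshold, so the output is a list of sessions to look at (or, as the reply above suggests, a list of people to talk to), not something to block on automatically. Hosts on an approved list of ssh destinations can be dropped from the result before it is reviewed.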


