Command-restricted users are NOT the SSH default. If the sysadmin is taking the ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		humbledrone on Aug 8, 2009 \| parent \| context \| favorite \| on: Why is ssh insecure by default? [AllowTcpForwardi... Command-restricted users are NOT the SSH default. If the sysadmin is taking the trouble to restrict the user's privileges, they need to restrict forwarding as well. By the argument that you and others make, the SSH server should not allow ANY access at all by default -- the sysadmin should apparently have to enable everything explicitly.

antonovka on Aug 8, 2009 [–]

Given the fact that the organization responsible for creating OpenSSH has -- on more than one occasion-- left their own servers susceptible to abuse due to SSH forwarding issues, it seems reasonable to assume that the default setting most likely to prevent abuse is "off".

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact