On Sun, Apr 06, 2014 at 12:24:27PM -0500, Michael Stauber wrote: > But I don't want to go there and add these for all users that don't have > a valid shell. Let us turn off AllowTcpForwarding altogether. That seems the right choice. Thanks. -- Maurice de Laat