[BlueOnyx:15520] Re: MySQL Tunneling SSH
Matt James
matt at rainstorminc.com
Mon Jun 9 15:01:26 -05 2014
OK, great. Thanks Michael and Steven!
--
Matt James
RainStorm, Inc
(207) 866-3908 x54
On Jun 9, 2014, at 3:52 PM, Michael Stauber <mstauber at blueonyx.it> wrote:
> Hi Matt,
>
>> Last night, I performed some overdue yum updates to one of our dev
>> servers. Since the update, using SSH tunneling to log in to MySQL
>> has stopped working. The error I get is: Lost connection to MySQL
>> server at 'reading initial communication packet', system error: 0.
>
> Yeah, we turned that off as there was a creative way to use TCP
> forwarding for spamming. It still required that someone knew or had
> brute-forced login details of a user. But once they had it, they could
> use TCP forwarding to send SPAM as that user even if the user in
> question had no shell access. Which then was pretty difficult to detect
> based on the logfiles alone.
>
> See: "[BlueOnyx:15118] OpenSSL (CenOS-6.5/SL-6.5) CVE-2014-0160" and
> following.
>
> You can enable TCP forwarding on a per user basis as outlined here:
> "[BlueOnyx:15096] Re: Securing against invading spammers"
>
> It is possible to set certain SSH options on a per-user basis in
> sshd_config - such as this:
>
> Match User xyz
> X11Forwarding no
> AllowTcpForwarding yes
>
> That would allow TCP forwarding for user "xyz", but for nobody else.
>
> --
> With best regards
>
> Michael Stauber
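An added example, not part of the original thread and not BlueOnyx code: a small Python audit that reads sshd_config text and reports the effective AllowTcpForwarding value per user, for the setup Michael describes (forwarding turned off, assumed here to be a global "AllowTcpForwarding no", then re-enabled in a Match User block). The sample config, the user names alice and bob, and all function names are assumptions; only "Match User" and "Match All" lines with whitespace-separated keywords are handled.

```python
import fnmatch

# Constructed sample: forwarding off globally, re-enabled for user "xyz" only.
SAMPLE_CONFIG = """\
X11Forwarding no
AllowTcpForwarding no

Match User xyz
    X11Forwarding no
    AllowTcpForwarding yes
"""

def user_matches(pattern_list, user):
    """sshd pattern list: comma separated, * and ? wildcards, ! negates."""
    matched = False
    for pat in pattern_list.split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(user, pat[1:]):
                return False  # a negated hit rejects the whole list
        elif fnmatch.fnmatchcase(user, pat):
            matched = True
    return matched

def effective_tcp_forwarding(config_text, user):
    """Global section: first value wins. A matching Match block overrides it."""
    global_val = match_val = None
    in_match = active = False
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        keyword = tokens[0].lower()
        if keyword == "match":
            in_match = True
            if len(tokens) == 2 and tokens[1].lower() == "all":
                active = True
            elif len(tokens) == 3 and tokens[1].lower() == "user":
                active = user_matches(tokens[2], user)
            else:  # Group, Host, Address etc. are not handled here
                raise ValueError("unsupported Match line: " + raw.strip())
        elif keyword == "allowtcpforwarding" and len(tokens) > 1:
            if not in_match and global_val is None:
                global_val = tokens[1].lower()
            elif in_match and active and match_val is None:
                match_val = tokens[1].lower()
    return match_val or global_val or "yes"  # sshd default is "yes"

def users_allowed_to_forward(config_text, users):
    return [u for u in users if effective_tcp_forwarding(config_text, u) != "no"]

if __name__ == "__main__":
    print(users_allowed_to_forward(SAMPLE_CONFIG, ["alice", "bob", "xyz"]))
```

On a live host, `sshd -T -C user=xyz,host=localhost,addr=127.0.0.1` prints the settings sshd itself computes for that user, which is the authoritative check.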