[BlueOnyx:15523] Re: MySQL Tunneling SSH

Matt James matt at rainstorminc.com
Tue Jun 10 09:02:27 -05 2014


Hi Michael,

A quick follow-up on that.  I tried the config you outlined to turn on TCP Forwarding for select users.  Unfortunately, it appears that the version of sshd on the 5106R series does not support the "Match" configuration option.  I double-checked with the sshd_config man page on the server and it isn't listed there.  Is there another way to turn this off per user on those servers?

Thanks!

--
Matt James
RainStorm, Inc
(207) 866-3908 x54

On Jun 9, 2014, at 3:52 PM, Michael Stauber <mstauber at blueonyx.it> wrote:

> Hi Matt,
> 
>> Last night, I performed some overdue yum updates to one of our dev
>> servers.  Since the update, using SSH tunneling to log in to MySQL
>> has stopped working.  The error I get is: Lost connection to MySQL
>> server at 'reading initial communication packet', system error: 0.
> 
> Yeah, we turned that off as there was a creative way to use TCP
> forwarding for spamming. It still required that someone knew or had
> brute-forced login details of a user. But once they had it, they could
> use TCP forwarding to send SPAM as that user even if the user in
> question had no shell access. Which then was pretty difficult to detect
> based on the logfiles alone.
> 
> See: "[BlueOnyx:15118]  OpenSSL (CenOS-6.5/SL-6.5) CVE-2014-0160" and
> following.
> 
> You can enable TCP forwarding on a per user basis as outlined here:
> "[BlueOnyx:15096] Re: Securing against invading spammers"
> 
> It is possible to set certain SSH options on a per-user basis in
> sshd_config - such as this:
> 
> Match User xyz
>       X11Forwarding no
>       AllowTcpForwarding yes
> 
> That would allow TCP forwarding for user "xyz", but for nobody else.
> 
> -- 
> With best regards
> 
> Michael Stauber
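An added example, not part of the original thread and not BlueOnyx code: a small Python audit that reads sshd_config text and reports the AllowTcpForwarding value each user ends up with when a global setting is combined with `Match User` blocks like the one quoted above. The sample config (including its global `AllowTcpForwarding no` line) and the function names are constructed for illustration; only `Match User` criteria are handled, and the pattern matching is approximated with `fnmatch`.

```python
import fnmatch

# Constructed sample (not a real server's file): off globally, on for "xyz".
SAMPLE_CONFIG = """\
AllowTcpForwarding no
Match User xyz
      X11Forwarding no
      AllowTcpForwarding yes
"""

def parse_sshd_config(text):
    """Return (global_opts, blocks); the first value seen for a keyword is kept."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            crit = value.split()
            if len(crit) != 2 or crit[0].lower() != "user":
                raise ValueError("only 'Match User <patterns>' is handled: " + line)
            current = {}
            blocks.append((crit[1], current))
        else:
            (global_opts if current is None else current).setdefault(key, value)
    return global_opts, blocks

def user_matches(user, patterns):
    """Comma-separated pattern list; '*'/'?' wildcards, '!' negates (via fnmatch)."""
    matched = False
    for pat in patterns.split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(user, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(user, pat):
            matched = True
    return matched

def effective(text, user, keyword="AllowTcpForwarding", default="yes"):
    """Value applied to `user`; a matching Match block overrides the global one."""
    global_opts, blocks = parse_sshd_config(text)
    for patterns, opts in blocks:
        if keyword.lower() in opts and user_matches(user, patterns):
            return opts[keyword.lower()]
    return global_opts.get(keyword.lower(), default)

def users_with_forwarding(text, users):
    """Users for whom AllowTcpForwarding resolves to anything other than 'no'."""
    return [u for u in users if effective(text, u).lower() != "no"]
```

Running `users_with_forwarding` over the account list of a server gives a quick inventory of who can still open tunnels after forwarding has been disabled globally.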
