Results 1 to 3 of 3

Thread: Is it Okay to Change AllowTcpForwarding to "yes" (OpenSSH)

  1. #1
    Registered Member
    Join Date
    Feb 2004
    Posts
    9

    Question Is it Okay to Change AllowTcpForwarding to "yes" (OpenSSH)

    Hello All,

    I was used to managing my databases with standalone software such as Navicat etc. But a couple months ago I subscribed to a hardware firewall for my server which settings cannot be changed. I didn't know it would, but this firewall stopped me from connecting to MySQL with my standalone apps.

    I tried for quite awhile to get SSH tunneling working but failed to do so until today. I ran across some info which instructed changing "AllowTcpForwarding no" to "AllowTcpForwarding yes" in /etc/ssh/sshd_config.

    At least one of my apps can now connect to MySQL using SSH tunneling mode!!! BUT, I'm not very techy when it comes to managing a server so I was hoping if anyone could tell me if there are any real dangers or problems with changing AllTcpForwarding to "yes". I read something about "port bouncing" but do not know how much of a danger it is or if there is a way to prevent it but keep AllTcpForwarding as "yes".

    If what I've done is okay I'd appreciate hearing that. But if there is a better way to ssh tunnel past my firewall my ears are open! :-D

    Thanks!
    Peter

  2. #2
    Registered Member This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,499

    Default

    AIUI, AllowTcpForwarding is an issue if you don't trust your user base if they have SSH access. Otherwise, it should be OK. The issue I found was the port bouncing that you mentioned, but that only appears to be an issue if you allow anonymous access via SSH (which you most likely don't) or you have untrustworthy users connecting via SSH who can then bounce to normally protected ports.
    Jonathan Michaelson

    cPanel Server Configuration, Security and Antivirus/AntiSpam Services
    http://www.configserver.com

  3. #3
    Registered Member
    Join Date
    Feb 2004
    Posts
    9

    Default

    AIUI, AllowTcpForwarding is an issue if you don't trust your user base if they have SSH access. Otherwise, it should be OK.
    You mean like hosting clients? I'm the only person who has any access to the server. I do web design but it's strictly hands-off for my clients. ;-) So I guess I'm okay on this point.
    The issue I found was the port bouncing that you mentioned, but that only appears to be an issue if you allow anonymous access via SSH
    Like you said I doubt that anonymous access is allowed but to be sure, how could I find out if it is allowed or not? If it's not allowed then I'm going to be one happy camper because I will be able to continue using SSH tunneling. I've missed using my standalone apps!! :-D

    Thanks for all your help!
    Peter

Similar Threads

  1. Replies: 5
    Last Post: 08-01-2014, 10:31 AM
  2. Replies: 1
    Last Post: 11-07-2013, 08:16 AM
  3. Change URL of "Home" & "Logout"
    By XinXang in forum General Discussion
    Replies: 1
    Last Post: 01-28-2005, 05:16 AM
bargain