Is it Okay to Change AllowTcpForwarding to "yes" (OpenSSH)

peterallcdn (Member, Feb 4, 2004)
Hello All,

I was used to managing my databases with standalone software such as Navicat etc. But a couple of months ago I subscribed to a hardware firewall for my server whose settings cannot be changed. I didn't know it would, but this firewall stopped me from connecting to MySQL with my standalone apps.

I tried for quite a while to get SSH tunneling working but failed to do so until today. I ran across some info which instructed changing "AllowTcpForwarding no" to "AllowTcpForwarding yes" in /etc/ssh/sshd_config.

At least one of my apps can now connect to MySQL using SSH tunneling mode!!! BUT, I'm not very techy when it comes to managing a server, so I was hoping someone could tell me if there are any real dangers or problems with changing AllowTcpForwarding to "yes". I read something about "port bouncing" but do not know how much of a danger it is or if there is a way to prevent it but keep AllowTcpForwarding as "yes".

If what I've done is okay I'd appreciate hearing that. But if there is a better way to ssh tunnel past my firewall my ears are open! :-D

Thanks!
Peter

chirpy (Well-Known Member, Verified Vendor, Jun 15, 2002)
AIUI, AllowTcpForwarding is an issue if you don't trust your user base if they have SSH access. Otherwise, it should be OK. The issue I found was the port bouncing that you mentioned, but that only appears to be an issue if you allow anonymous access via SSH (which you most likely don't) or you have untrustworthy users connecting via SSH who can then bounce to normally protected ports.

peterallcdn (Member, Feb 4, 2004)
> AIUI, AllowTcpForwarding is an issue if you don't trust your user base if they have SSH access. Otherwise, it should be OK.

You mean like hosting clients? I'm the only person who has any access to the server. I do web design but it's strictly hands-off for my clients. ;-) So I guess I'm okay on this point.

> The issue I found was the port bouncing that you mentioned, but that only appears to be an issue if you allow anonymous access via SSH

Like you said, I doubt that anonymous access is allowed, but to be sure, how could I find out if it is allowed or not? If it's not allowed then I'm going to be one happy camper because I will be able to continue using SSH tunneling. I've missed using my standalone apps!! :-D

Thanks for all your help!
Peter
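An added example, not code from the thread or from OpenSSH, that follows up on the question of how to tell whether forwarding is exposed to anonymous logins: it reads the relevant global directives out of an sshd_config and contrasts the thread's global change with a narrower form that enables forwarding for a single user and only towards the local MySQL port. The two config files and the user name peter are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit an OpenSSH sshd_config for the
# conditions under which "AllowTcpForwarding yes" becomes risky, and show the
# narrower form (Match block + PermitOpen). Both config files are constructed.
# Effective value of one global directive: the last occurrence outside any
# Match block wins, comments are skipped, $3 is the OpenSSH default if unset.
sshd_get() {
    v=$(awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { inmatch = 1; next }
        inmatch { next }
        tolower($1) == key { val = $2 }
        END { print val }' "$1")
    printf '%s\n' "${v:-$3}"
}
# Exit 0 if forwarding is off or needs real credentials; 1 with the reason otherwise.
sshd_audit() {
    f="$1"; bad=0
    if [ "$(sshd_get "$f" AllowTcpForwarding yes)" = no ]; then
        echo "ok: AllowTcpForwarding is off globally"; return 0
    fi
    # An account that may log in with an empty password is effectively anonymous.
    if [ "$(sshd_get "$f" PermitEmptyPasswords no)" = yes ]; then
        echo "FAIL: PermitEmptyPasswords yes, so forwarding is open to anonymous logins"; bad=1
    fi
    # Password logins plus unrestricted forwarding: one guessed password reaches every local port.
    if [ "$(sshd_get "$f" PasswordAuthentication yes)" = yes ]; then
        echo "WARN: PasswordAuthentication yes; prefer keys, or scope forwarding with Match"
    fi
    [ "$bad" -eq 0 ] && echo "ok: forwarding requires an authenticated user"
    return "$bad"
}
# Constructed sample: the thread's change applied globally on a lax server.
WEAK=$(mktemp); cat >"$WEAK" <<'EOF'
AllowTcpForwarding yes
PermitEmptyPasswords yes
EOF
# Constructed sample: forwarding off globally, enabled for one user only and
# only towards the local MySQL port, so it cannot bounce to other services.
SAFE=$(mktemp); cat >"$SAFE" <<'EOF'
AllowTcpForwarding no
PasswordAuthentication no
Match User peter
    AllowTcpForwarding yes
    PermitOpen localhost:3306
EOF
sshd_audit "$WEAK" || true
sshd_audit "$SAFE"
```

On a live host, `sshd -T` prints the effective configuration (defaults included), which is a more reliable input for the audit than reading the file by hand.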