Why Block Port 22 Outbound?

I don’t see that anyone has spelled out the specific risk with SSH port forwarding in detail.

If you are inside a firewall and have outbound SSH access to a machine on the public internet, you can SSH to that public system and in the process create a tunnel so that people on the public internet can ssh to a system inside your network, completely bypassing the firewall.

If fred is your desktop and barney is an important server at your company and wilma is public, running (on fred):

ssh -R*:9000:barney:22 wilma

and logging in will let an attacker ssh to port 9000 on wilma and talk to barney’s SSH daemon.

Your firewall never sees it as an incoming connection because the data is being passed through a connection that was originally established in the outgoing direction.

It’s annoying, but a completely legitimate network security policy.

Related Posts:

  1. Git: How to solve Permission denied (publickey) error when using Git?
  2. Putty: Getting Server refused our key Error
  3. Copying a local file from Windows to a remote server using scp
  4. ssh: The authenticity of host ‘hostname’ can’t be established
  5. ssh “permissions are too open” error
  6. Permission denied (publickey,keyboard-interactive)
  7. How to deal with “Pseudo-terminal will not be allocated because stdin is not a terminal.”
  8. What is actually in known_hosts?
  9. ‘heroku’ does not appear to be a git repository
  10. How to solve “sign_and_send_pubkey: signing failed: agent refused operation”?
  11. How to fix request failed on channel 0
  12. How to scp in Python?
  13. Forward X11 failed: Network error: Connection refused
  14. PuTTY PSCP error “Local to local copy not supported” when username contains a slash
  15. Starting ssh-agent on Windows 10 fails: “unable to start ssh-agent service, error :1058”
  16. Git error: “Host Key Verification Failed” when connecting to remote repository
  17. Convert PEM to PPK file format
  18. Copying files using rsync from remote server to local machine
  19. How to read iPhone files without jailbreaking?
  20. SSH to Vagrant box in Windows?
  21. How to use Sublime over SSH
  22. Use qdel to delete all my jobs at once, not one at a time
  23. Automating command/script execution using PuTTY
  24. Public and Private Keys are Incorrect for user
  25. How to automate SSH login with password?
  26. ssh returns “Bad owner or permissions on ~/.ssh/config”
  27. How do I change my private key passphrase?
  28. Create a public SSH key from the private key?
  29. How do diff over ssh?
  30. “Add correct host key in known_hosts” / multiple ssh host keys per hostname?
  31. SSH use only my password, Ignore my ssh key, don’t prompt me for a passphrase
  32. ssh-agent forwarding and sudo to another user
  33. Non interactive git clone (ssh fingerprint prompt) [duplicate]
  34. How to check sshd log?
  35. What does “Warning: untrusted X11 forwarding setup failed: xauth key data not generated” mean when ssh’ing with -X?
  36. What’s the difference between authorized_keys and authorized_keys2?
  37. Is my password compromised because I forgot to hit Enter after ssh username?
  38. How do I make ssh fail rather than prompt for a password if the public-key authentication fails?
  39. ssh-keygen does not create RSA private key
  40. OpenSSH: Difference between internal-sftp and sftp-server
  41. What significance does the user/host at the end of an SSH public key file hold?
  42. SSH Suddenly returning Invalid format
  43. How can I prevent the warning No xauth data; using fake authentication data for X11 forwarding?
  44. How to recover from “Too many Authentication Failures for user root”
  45. SFTP logging: is there a way?
  46. Why does my OpenSSH key fingerprint not match the AWS EC2 console keypair fingerprint?
  47. Login without running bash_profile or bashrc
  48. How do I do Multihop SCP transfers between machines?
  49. scp without known_hosts check
  50. How do I validate an RSA SSH public key file (id_rsa.pub)?
  51. How can I run arbitrarily complex command using sudo over ssh?
  52. Add comment to existing SSH public key
  53. ssh connection takes forever to initiate, stuck at “pledge: network”
  54. What is the benefit of not allocating a terminal in ssh?
  55. bad ownership or modes for chroot directory component
  56. Ansible stuck on gathering facts
  57. Is it possible to use rsync over sftp (without an ssh shell)?
  58. SSH Allow Password For One User, Rest Only Allow Public Keys [duplicate]
  59. scp with port number specified
  60. ssh : Permission denied (publickey,gssapi-with-mic)
  61. ssh connect Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)
  62. scp with port number specified
  63. Could not open a connection to your authentication agent
  64. Could not open a connection to your authentication agent
  65. ssh remote host identification has changed
  66. Is there a way to get all IP addresses of youtube to block it with Windows Firewall?
  67. How to establish ssh key pair when “Host key verification failed”
  68. How to kill a process running on particular port in Linux?
  69. AWS – Disconnected : No supported authentication methods available (server sent :publickey)
  70. How can you find out which process is listening on a TCP or UDP port on Windows?
  71. Perform commands over ssh with Python
  72. How to set ssh timeout?
  73. ssh: The authenticity of host ‘hostname’ can’t be established
  74. Using putty to scp from windows to Linux
  75. mysql_config not found when installing mysqldb python interface
  76. SSH -X “Warning: untrusted X11 forwarding setup failed: xauth key data not generated”
  77. Significance of port 3000 in Express apps
  78. XAMPP Port 80 in use by “Unable to open process” with PID 4
  79. ssh: Could not resolve hostname [hostname]: nodename nor servname provided, or not known
  80. stop all instances of node.js server
  81. Pseudo-terminal will not be allocated because stdin is not a terminal
  82. X11 forwarding request failed on channel 0
  83. Node.js Port 3000 already in use but it actually isn’t?
  84. What is the difference between a port and a socket?
  85. What is the difference between ports 465 and 587?
  86. Command line for looking at specific port
  87. SSH library for Java
  88. mysql_config not found when installing mysqldb python interface
  89. mysql_config not found when installing mysqldb python interface
  90. What is process.env.PORT in Node.js?
  91. Pseudo-terminal will not be allocated because stdin is not a terminal
  92. How to download a file from server using SSH?
  93. #1045 – Access denied for user ‘root’@’localhost’ (using password: YES)
  94. How do I kill the process currently using a port on localhost in Windows?
  95. connect to host localhost port 22: Connection refused
  96. Port 80 is being used by SYSTEM (PID 4), what is that?
  97. channel 3: open failed: connect failed: Connection refused
  98. Getting “socket.error: [Errno 61] Connection refused” python paramiko
  99. How to specify the private SSH-key to use when executing shell command on Git?
  100. X Error of failed request: BadValue (integer parameter out of range for operation)

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)