Why Block Port 22 Outbound?

I don’t see that anyone has spelled out the specific risk with SSH port forwarding in detail.

If you are inside a firewall and have outbound SSH access to a machine on the public internet, you can SSH to that public system and in the process create a tunnel so that people on the public internet can ssh to a system inside your network, completely bypassing the firewall.

If fred is your desktop and barney is an important server at your company and wilma is public, running (on fred):

ssh -R*:9000:barney:22 wilma

and logging in will let an attacker ssh to port 9000 on wilma and talk to barney’s SSH daemon.

Your firewall never sees it as an incoming connection because the data is being passed through a connection that was originally established in the outgoing direction.

It’s annoying, but a completely legitimate network security policy.

Related Posts:

  1. Git: How to solve Permission denied (publickey) error when using Git?
  2. Putty: Getting Server refused our key Error
  3. Copying a local file from Windows to a remote server using scp
  4. ssh: The authenticity of host ‘hostname’ can’t be established
  5. ssh “permissions are too open” error
  6. Permission denied (publickey,keyboard-interactive)
  7. How to deal with “Pseudo-terminal will not be allocated because stdin is not a terminal.”
  8. What is actually in known_hosts?
  9. ‘heroku’ does not appear to be a git repository
  10. How to solve “sign_and_send_pubkey: signing failed: agent refused operation”?
  11. How to fix request failed on channel 0
  12. How to scp in Python?
  13. Forward X11 failed: Network error: Connection refused
  14. PuTTY PSCP error “Local to local copy not supported” when username contains a slash
  15. Starting ssh-agent on Windows 10 fails: “unable to start ssh-agent service, error :1058”
  16. Git error: “Host Key Verification Failed” when connecting to remote repository
  17. Convert PEM to PPK file format
  18. Copying files using rsync from remote server to local machine
  19. How to read iPhone files without jailbreaking?
  20. SSH to Vagrant box in Windows?
  21. How to use Sublime over SSH
  22. Use qdel to delete all my jobs at once, not one at a time
  23. Automating command/script execution using PuTTY
  24. Public and Private Keys are Incorrect for user
  25. How to automate SSH login with password?
  26. ssh returns “Bad owner or permissions on ~/.ssh/config”
  27. How do I change my private key passphrase?
  28. Create a public SSH key from the private key?
  29. How do diff over ssh?
  30. “Add correct host key in known_hosts” / multiple ssh host keys per hostname?
  31. SSH use only my password, Ignore my ssh key, don’t prompt me for a passphrase
  32. ssh-agent forwarding and sudo to another user
  33. Non interactive git clone (ssh fingerprint prompt) [duplicate]
  34. How to check sshd log?
  35. What does “Warning: untrusted X11 forwarding setup failed: xauth key data not generated” mean when ssh’ing with -X?
  36. What’s the difference between authorized_keys and authorized_keys2?
  37. Is my password compromised because I forgot to hit Enter after ssh username?
  38. How do I make ssh fail rather than prompt for a password if the public-key authentication fails?
  39. ssh-keygen does not create RSA private key
  40. OpenSSH: Difference between internal-sftp and sftp-server
  41. What significance does the user/host at the end of an SSH public key file hold?
  42. SSH Suddenly returning Invalid format
  43. How can I prevent the warning No xauth data; using fake authentication data for X11 forwarding?
  44. How to recover from “Too many Authentication Failures for user root”
  45. SFTP logging: is there a way?
  46. Why does my OpenSSH key fingerprint not match the AWS EC2 console keypair fingerprint?
  47. Login without running bash_profile or bashrc
  48. How do I do Multihop SCP transfers between machines?
  49. scp without known_hosts check
  50. How do I validate an RSA SSH public key file (id_rsa.pub)?
  51. How can I run arbitrarily complex command using sudo over ssh?
  52. Add comment to existing SSH public key
  53. ssh connection takes forever to initiate, stuck at “pledge: network”
  54. What is the benefit of not allocating a terminal in ssh?
  55. bad ownership or modes for chroot directory component
  56. Ansible stuck on gathering facts
  57. Is it possible to use rsync over sftp (without an ssh shell)?
  58. SSH Allow Password For One User, Rest Only Allow Public Keys [duplicate]
  59. scp with port number specified
  60. ssh : Permission denied (publickey,gssapi-with-mic)
  61. Could not open a connection to your authentication agent
  62. How to establish ssh key pair when “Host key verification failed”
  63. AWS – Disconnected : No supported authentication methods available (server sent :publickey)
  64. mysql_config not found when installing mysqldb python interface
  65. SSH -X “Warning: untrusted X11 forwarding setup failed: xauth key data not generated”
  66. Node.js Port 3000 already in use but it actually isn’t?
  67. What is the difference between a port and a socket?
  68. What is the difference between ports 465 and 587?
  69. mysql_config not found when installing mysqldb python interface
  70. What is process.env.PORT in Node.js?
  71. Pseudo-terminal will not be allocated because stdin is not a terminal
  72. Getting stty: standard input: Inappropriate ioctl for device when using scp through an ssh tunnel
  73. Copying files from server to local computer using SSH
  74. Docker – Bind for 0.0.0.0:4000 failed: port is already allocated
  75. Nat Punchthrough understanding P2P concept
  76. How to kill a process on a port on ubuntu
  77. EC2 ssh Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
  78. Configure WordPress to connect to Mysql DB using SSH tunneling
  79. Failure to establish connection when provisioning via ansible-playbook server.yml
  80. Unable to update WordPress or install plugins/themes
  81. SSH Server with WordPress
  82. AWS Lightsail WordPress – connect to database on instance using mysqli
  83. Configuring WordPress permissions for easy updates
  84. How do I tell Git for Windows where to find my private RSA key?
  85. Check if port is open or closed on a Linux server?
  86. Permission denied (publickey). SSH from local Ubuntu to Amazon EC2 server
  87. How to reconnect to a disconnected ssh session
  88. Keeping a linux process running after I logout
  89. Why do consoles sometimes hang forever when SSH connection breaks?
  90. How to check if an RSA public / private key pair match
  91. Why does the MySQL command line tool ignore the –port parameter?
  92. What firewall ports need to be open to allow access to external git repositories?
  93. “POSSIBLE BREAK-IN ATTEMPT!” in /var/log/secure — what does this mean?
  94. Can you have more than one ~/.ssh/config file?
  95. SSH from A through B to C, using private key on B [closed]
  96. How can I edit the welcome message when ssh start?
  97. SSHFS mount that survives disconnect
  98. Temporarily ignore my `~/.ssh/known_hosts` file?
  99. How do high traffic sites service more than 65535 TCP connections?
  100. Using wp-cli on remote with quoted commands

Leave a Comment