On 2009-08-21, Cian Brennan <cian.bren...@redbrick.dcu.ie> wrote: > Turn off ssh forwarding? set AllowTcpForwarding to no, in your sshd_config.
you can do this in a Match section too if you need to allow it for some users. > Of course, with a bit of effort and some netcat, the user will probably still > be able to turn a normal connection into forwarding, but this should at least > make it more difficult. PF lets you block/pass local connections by userid. It also lets you write UID/PID to the logs if you want a record.
