On Wed, 28 Oct 2020 09:05:33 +0000, Chris Green wrote:

> Ahem A Rivet's Shot  wrote:
>> On Tue, 27 Oct 2020 17:39:51 +0000 Chris Green  wrote:
>>
>> > No port forwarding is needed, that's much of the point.  The
>> > connection goes 'back' through the standard outward ssh connection.
>>
>>         This is why places that really care about security block
>>         outgoing
>> ssh.
>>
> So use another port that isn't blocked.
>
> If you're really concerned about security then you don't allow *any*
> connections to the outside world.  If you do allow connections then ssh
> is likely the least of your worries! :-)

Indeed damage cause by outbound ssh will be because of deliberate action
by a member of staff, in which case all bets are off anyway

Outbound connections to Web pages are more likely to be the cause of
accidental damage  (virus & malware etc.)
unfortunately blocking them does tend to make having any form of internet
connection mostly unusable

blocking all outbound traffic usualy just causes headaches when someone
needs to legitimately use a new service that had not been foreseen.

In my experience IT teams are notoriously obstructive to making changes &
slow to deliver when their hand is forced.



--
/*
 * At first I thought these guys were on crack, but then I discovered the
 * LART.
 */

 - comment from include/linux/mtd/cfi_endian.h

--- SoupGate-Win32 v1.05