On Wed, 28 Oct 2020 09:05:33 +0000
Chris Green  wrote:

> Ahem A Rivet's Shot  wrote:
> > On Tue, 27 Oct 2020 17:39:51 +0000
> > Chris Green  wrote:
> >
> > > No port forwarding is needed, that's much of the point.  The
> > > connection goes 'back' through the standard outward ssh connection.
> >
> >         This is why places that really care about security block
> > outgoing ssh.
> >
> So use another port that isn't blocked.

 Typically when this is done all ports are blocked, then some things
are allowed through via proxies (including https with a MITM proxy) that
allow enforcement of policies and monitoring of traffic.

> If you're really concerned about security then you don't allow *any*
> connections to the outside world.  If you do allow connections then
> ssh is likely the least of your worries! :-)

 That's not too dissimilar to removing the power and embedding in
concrete. Stick the work "unrestricted" between allow and connections and
I'd agree.

--
Steve O'Hara-Smith                          |   Directable Mirror Arrays
C:\>WIN                                     | A better way to focus the sun
The computer obeys and wins.                |    licences available see
You lose and Bill collects.                 |    http://www.sohara.org/

--- SoupGate-Win32 v1.05