NatLee / telepy

A Django-based web application for managing and monitoring reverse SSH tunnels or jump servers.
MIT License

[Bug] Critical security issue about permissions with user in SSH server #15

Closed NatLee closed 6 months ago

NatLee commented 6 months ago

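No restrictions are set for the user telepy in sshd_config.

This allows every endpoint that can connect back to our OpenSSH server through a reverse connection to tamper with the content on our server.

To fix this, restricted permissions must be set for the user telepy.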
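
As an added illustration (not part of the original issue and not the telepy project's own code), the Python sketch below works out which `sshd_config` settings apply to one account and lists the ones that leave it unrestricted. The policy, both sample configurations and the contents of the `Match User telepy` block are constructed assumptions; the issue does not say which directives the fix used.

```python
from fnmatch import fnmatchcase
DEFAULTS = {"permittty": "yes", "allowtcpforwarding": "yes",
            "allowagentforwarding": "yes", "x11forwarding": "no",
            "forcecommand": "none"}
# Assumed policy for a tunnel-only account: accepted values (None = anything but "none").
POLICY = {"permittty": {"no"}, "allowtcpforwarding": {"remote", "no"},
          "allowagentforwarding": {"no"}, "x11forwarding": {"no"},
          "forcecommand": None}

def user_matches(patterns, user):
    hit = False                      # a matching "!pattern" vetoes the whole list
    for p in patterns.split(","):
        if p.startswith("!"):
            if fnmatchcase(user, p[1:]):
                return False
        elif fnmatchcase(user, p):
            hit = True
    return hit

def effective(config, user):
    """Simplified model: only 'Match all' and 'Match User <list>' are evaluated."""
    glob, match, active = {}, {}, None   # active is None in the global section
    for raw in config.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, val = parts[0].lower(), parts[1].strip()
        if key == "match":
            crit = val.split()
            active = crit[0].lower() == "all" or (
                len(crit) == 2 and crit[0].lower() == "user"
                and user_matches(crit[1], user))
        elif active is None:
            glob.setdefault(key, val)    # first value obtained wins
        elif active:
            match.setdefault(key, val)   # matched blocks override globals
    return {**DEFAULTS, **glob, **match}

def audit(config, user):
    eff = effective(config, user)        # keywords whose value violates POLICY
    return sorted(k for k, ok in POLICY.items()
                  if (eff[k] == "none" if ok is None else eff[k].lower() not in ok))

# Constructed samples: no per-user restriction, then the same file plus a Match block.
WEAK = "PasswordAuthentication no\nX11Forwarding yes\n"
HARDENED = WEAK + ("Match User telepy\n  PermitTTY no\n  X11Forwarding no\n"
                   "  AllowAgentForwarding no\n  AllowTcpForwarding remote\n"
                   "  ForceCommand /bin/false\n")
print(audit(WEAK, "telepy"), audit(HARDENED, "telepy"))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this model ignores other Match criteria and `Include` files.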