Direct-tcpip #1487
Comments
Per
|
It's a bit unclear to me, what are we doing with this issue? Sounds like a legit use of SSH and folks should realize that session recording cannot possibly record other traffic. Update the docs? |
no, add the flag to support turning |
Silly question, but even without being able to record the session, do we audit log the other traffic, like the user setup the following tunnel, or used SCP to copy a file of x bytes to the destination? |
some of it in audit events, yes |
makes sense, I didn't realize we haven't done it yet.
kind: role
version: v3
metadata:
  name: admin
spec:
  # SSH options used for user sessions
  options:
    # port_forwarding controls whether users are allowed to forward ports
    port_forwarding: true |
looks good to me |
* Refactor DownloadScript Screens (#1367)
* Tentatively implement Create Database screen (#1372)
* Refactor TestConnection Screens (#1375)
* Database Tweaks and Add ons (#1412)
* Implement mutual TLS screen (#1418)
* Add all db options to db selector (#1441)
* Tweaks based on design review and regression fixes (#1433)
* Implement the IAM policy screen (#1459)
* Add database service checker and various db tweaks (#1481)
* Temp remove db service checker until bug is fixed (#1495)
Co-authored-by: Ryan Clark <ryan.clark@goteleport.com>
Problem
When using the recording proxy can establish a direct-tcpip connection to another node and then directly communicate with it bypassing session logging. Teleport should support an option to disable direct-tcpip.
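To make the gap described in this issue concrete, the following added example (not Teleport's code and not part of the original thread) parses an SSH `direct-tcpip` channel-open request as laid out in RFC 4254, produces an audit line for the tunnel, and refuses the channel when forwarding is disabled. The `portForwarding` parameter stands in for the `port_forwarding` role option quoted in the thread; `CheckChannelOpen`, `str` and the sample bytes are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var errShort = errors.New("truncated channel-open message")

// Constructed sample: direct-tcpip open to 10.0.0.5:22, originator 127.0.0.1:50000.
var sample = []byte("\x5a\x00\x00\x00\x0cdirect-tcpip\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x80\x00" +
	"\x00\x00\x00\x0810.0.0.5\x00\x00\x00\x16\x00\x00\x00\x09127.0.0.1\x00\x00\xc3\x50")

// str reads one SSH string (uint32 length, then bytes) and returns the remainder.
func str(b []byte) (string, []byte, error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return "", nil, errShort
	}
	n := binary.BigEndian.Uint32(b)
	return string(b[4 : 4+n]), b[4+n:], nil
}

// CheckChannelOpen parses an SSH_MSG_CHANNEL_OPEN payload (RFC 4254) and returns an
// audit line and the accept decision. portForwarding models the role option (assumption).
func CheckChannelOpen(msg []byte, portForwarding bool) (string, bool, error) {
	if len(msg) == 0 || msg[0] != 90 { // 90 = SSH_MSG_CHANNEL_OPEN
		return "", false, errors.New("not a channel-open message")
	}
	kind, rest, err := str(msg[1:])
	if err != nil || len(rest) < 12 { // sender channel, window size, max packet
		return "", false, errShort
	}
	if kind != "direct-tcpip" {
		return "channel=" + kind, true, nil // other channel types are not gated here
	}
	host, rest, err := str(rest[12:])
	if err != nil || len(rest) < 4 {
		return "", false, errShort
	}
	port := binary.BigEndian.Uint32(rest)
	orig, rest, err := str(rest[4:])
	if err != nil || len(rest) < 4 {
		return "", false, errShort
	}
	return fmt.Sprintf("channel=direct-tcpip dst=%s:%d src=%s:%d allowed=%t", host, port,
		orig, binary.BigEndian.Uint32(rest), portForwarding), portForwarding, nil
}

func main() { fmt.Println(CheckChannelOpen(sample, false)) }
```

A server acting on a refusal would answer with `SSH_MSG_CHANNEL_OPEN_FAILURE`; the audit line is emitted either way, so a denied tunnel attempt is still visible to reviewers.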