# Users using ssh to create virtual tunnels



## Davers (Nov 23, 2012)

How do I stop users from creating virtual tunnels and chewing up loads of bandwidth??

I noticed in /etc/ssh/ there is a config file. I am not sure if this is a good place to start. There really is no way to monitor this type of activity 
running "top" command? At least I haven't found a way to isolate this type of activity. re-nice a process of suspicion isn't very helpful either.

Any insight on this would be greatly appreciated.
Thanks
Dave


----------



## kpa (Nov 23, 2012)

sshd_config(5)


```
AllowTcpForwarding
             Specifies whether TCP forwarding is permitted.  The default is
             ``yes''.  Note that disabling TCP forwarding does not improve
             security unless users are also denied shell access, as they can
             always install their own forwarders.
```


----------



## albertobsd (Nov 27, 2012)

Also you can tune the kernel limits:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-kernel-limits.html


----------

