new option [ssh] forwarding=false this will disable all ssh forwarding

cowrie.cfg.dist

@@ -238,6 +238,9 @@ forward_redirect_587 = 127.0.0.1:12525
 # Enable SSH support, enabled by default
 enabled = true
 
+# Enable SSH direct-tcpip forwarding, enabled by default
+forwarding = true
+
 # ============================================================================
 # Telnet Specific Options
 # ============================================================================

cowrie/core/avatar.py

@@ -7,7 +7,6 @@ This module contains ...
 
 from zope.interface import implementer
 
-import twisted
 from twisted.conch import avatar
 from twisted.conch.interfaces import IConchUser, ISession, ISFTPServer
 from twisted.conch.ssh import filetransfer as conchfiletransfer
@@ -30,9 +29,7 @@ class CowrieUser(avatar.ConchUser):
         self.server = server
         self.cfg = self.server.cfg
 
-        self.channelLookup.update(
+        self.channelLookup['session'] = session.HoneyPotSSHSession
-            {"session": session.HoneyPotSSHSession,
-             "direct-tcpip": forwarding.cowrieOpenConnectForwardingClient})
 
         try:
             pwentry = pwd.Passwd(self.cfg).getpwnam(self.username)
@@ -51,6 +48,14 @@ class CowrieUser(avatar.ConchUser):
         except ValueError as e:
             pass
 
+        # SSH forwarding disabled only when option is explicitly set
+        self.channelLookup['direct-tcpip'] = forwarding.cowrieOpenConnectForwardingClient
+        try:
+            if self.cfg.getboolean('ssh', 'forwarding') == False:
+                del self.channelLookup['direct-tcpip']
+        except:
+            pass
+
 
     def logout(self):
         """