If you let me ssh on that server and I am allowed to ssh from there elsewhere that is not bypassing anything. You allowed me to do that unless it says somewhere that tunnels are not allowed. The question is mainly for which purposes you allowed me to use these things and whether I comply with that. E.g. if I was given a ssh route to reach the some internal LDAP system for software development reasons and I abuse it to stream cat videos on youtube that is on me. But if I use it to reach another internal server that I use for software development, then it is on them.
The alternative would be asking a babysitter for each connection you are making. Sounds like a good way to never get work done.
Also: A good sysadmin will have lines in their /etc/ssh/sshd_config that prevent me from tunneling if they don't want me to do it.
This is the approach I take too. If I need it and I can do it then I'm going to. If you don't want me to then block me.
I must say I've had some raised eyebrows over that approach but if the alternative is not getting my shit done then I'm gonna do it unless explicitly forbidden.
The alternative would be asking a babysitter for each connection you are making. Sounds like a good way to never get work done.
Also: A good sysadmin will have lines in their /etc/ssh/sshd_config that prevent me from tunneling if they don't want me to do it.