Re: Securing ssh tunnels.
From: Brian Hatch (secure-shell_at_ifokr.org)
Date: 06/25/03
Date: Tue, 24 Jun 2003 21:45:24 -0700
To: Darren Reed <avalon@caligula.anu.edu.au>

> In a recent encounter with another company, we attempted to get ssh
> access through their firewall but got turned down because it was too
> insecure.
>
> ie. with ssh tunneling there is very little real access control on
> network data between the two systems and unlike plain text protocols
> which can be proxied to ensure correctness of content, this is not
> possible with ssh tunnels.

But if you can log in with, say, telnet, what's to say you're not
tunneling something over that cleartext connection? If instead
of running 'telnet remote' you ran a program that creates a
telnet-protocol connection to the remote end and then launches
'my_fancy_portforward_prog' from the remote command line and
proxies things through that way? It'll still be a valid telnet
session, with the portforward program initiating connections to
the machines behind the firewall at the direction of the client
machine.

I once wrote some code that did this, but it was a pretty unstable
half-day job. I'm sure there's something similar out there currently.

Yes, you can tunnel with SSH. You can tunnel with anything, SSH
just makes it easier and more secure.

--
Brian Hatch
Systems and Security Engineer
http://www.ifokr.org/bri/

You need to shave. If I met you on the street, I'd cross to avoid you. --Bree

Every message PGP signed