Re: Securing ssh tunnels.

From: Markus Friedl (markus_at_openbsd.org)
Date: 06/25/03

  • Next message: Andrew McCall: "sftp Newbie Questions!" 
    Date: Wed, 25 Jun 2003 10:42:19 +0200
To: secureshell@securityfocus.com

    On Wed, Jun 25, 2003 at 11:54:33AM +1000, Darren Reed wrote:
    > In a recent encounter with another company, we attempted to get ssh
    > access through their firewall but got turned down because it was too
    > insecure.
    >
    > ie. with ssh tunneling there is very little real access control on
    > network data between the two systems and unlike plain text protocols
    > which can be proxied to ensure correctness of content, this is not
    > possible with ssh tunnels.

    you can always tunnel. you can even use ssh and 'sshd -i' for tunneling
    if only encrypted telnet is allowed through their firewall.

  • Next message: Andrew McCall: "sftp Newbie Questions!"

    Relevant Pages

    • Re: ssh terminates connection
      ... > when using ssh I encounter the following situation ... > after a short moment of inactivity: ... Perhaps the session state is being timed out by the firewall or NAT ...
      (freebsd-questions)
    • Establish persistant outbound connection for covert application
      ... other ACLs that prevent us from connecting into the suspect machine. ... To tackle this problem I have been able to setup SSH tunneling and ... making the suspects computer establish the SSH connection to our ... connection) to awaiting connection server or service for redirection. ...
      (Security-Basics)
    • Re: Securing ssh tunnels.
      ... > actuality, what they are saying is that SSH is TOO SECURE, so they can't ... >> ie. with ssh tunneling there is very little real access control on ... I'd guess they don't want sshd running on their firewall and can't ... out how to route through a secure incoming ssh connection, ...
      (SSH)
    • Re: Securing ssh tunnels.
      ... >> ie. with ssh tunneling there is very little real access control on ... >> possible with ssh tunnels. ... connection to an outside host. ...
      (SSH)
    • Re: using a remote IMAP server and smarthost
      ... But when I want to send mail, I have to open a webmail ... ssh tunneling and/or with remotely running sendmail via ssh. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
      (Debian-User)