Re: Securing ssh tunnels.

From: Paul Newhouse (newhouse_at_rockhead.com)
Date: 06/26/03

    To: secureshell@securityfocus.com, newhouse@pimin.rockhead.com
    Date: Wed, 25 Jun 2003 21:46:44 -0700
    
    

    > In some mail from Paul Newhouse, sie said:
    > >
    > >
    > > I'd guess they don't want (or can't) sshd running on their firewall and can't
    > > figure out how to route through a secure incoming ssh connection, through
    > > the firewall.
    >
    > I was thinking why would you do this and then I thought, shouldn't
    > there be an ssh proxy? (You can all stone me for suggesting this
    > after you've read it ;)
    >
    > The idea would be to use either an unencrypted ssh connection to a
    > proxy and then the proxy makes an outbound connection to the host.

    I must not understand the situation. They, the corporation that you are
    trying to connect into, block outbound ssh initiated traffic?

    > The problem with this is most obviously that it interferes with the
    > manner in which host authentication is decided unless the proxy was
    > transparent (a la transparent web proxy) in nature so the client
    > was unaware of the MITM. Then there's got to be a problem of the
    > authentication being in clear text?
    >
    > Well I suppose others must have given some consideration to an ssh
    > proxy in the past and shot the idea down in flames already?

