Re: Securing ssh tunnels.
From: Paul Newhouse (newhouse_at_rockhead.com)
Date: 06/26/03
- Previous message: Greg Norris: "Re: DSA VS RSA"
- Maybe in reply to: Darren Reed: "Securing ssh tunnels."
- Next in thread: Van Dooren, Damian: "RE: Securing ssh tunnels."
To: secureshell@securityfocus.com, newhouse@pimin.rockhead.com
Date: Wed, 25 Jun 2003 21:46:44 -0700
> In some mail from Paul Newhouse, sie said:
> >
> >
> > I'd guess they don't want (or can't) sshd running on their firewall and can't
> > figure out how to route through a secure incoming ssh connection, through
> > the firewall.
>
> I was thinking why would you do this and then I thought, shouldn't
> there be an ssh proxy ? (You can all stone me for suggesting this
> after you've read it ;)
>
> The idea would be to use either an unencrypted ssh connection to a
> proxy and then the proxy makes an outbound connection to the host.
I must not understand the situation. They, the corporation that you are
trying to connect into, block outbound ssh initiated traffic?
> The problem with this is most obviously that it interferes with the
> manner in which host authentication is decided unless the proxy was
> transparent (a la transparent web proxy) in nature so the client
> was unaware of the MITM. Then there's got to be a problem of the
> authentication being in clear text ?
>
> Well I suppose others must have given some consideration to an ssh
> proxy in the past and shot the idea down in flames already ?