Re: Securing ssh tunnels.

From: Paul Newhouse (newhouse_at_rockhead.com)
Date: 06/26/03

  • Next message: Darren Reed: "Re: Securing ssh tunnels."
    To: secureshell@securityfocus.com, newhouse@pimin.rockhead.com
    Date: Wed, 25 Jun 2003 21:46:44 -0700
    
    

    > In some mail from Paul Newhouse, sie said:
    > >
    > >
    > > I'd guess they don't want (or can't) sshd running on their firewall and can't
    > > figure out how to route through a secure incoming ssh connection, through
    > > the firewall.
    >
    > I was thinking why would you do this and then I thought, shouldn't
    > there be an ssh proxy ? (You can all stone me for suggesting this
    > after you've read it ;)
    >
    > The idea would be to use either an unencrypted ssh connection to a
    > proxy and then the proxy makes an outbound connection to the host.

    I must not understand the situation. They, the corporation that you are
    trying to connect into, block outbound ssh initiated traffic?

    > The problem with this is most obviously that it interferes with the
    > manner in which host authentication is decided unless the proxy was
    > transparent (a la transparent web proxy) in nature so the client
    > was unaware of the MITM. Then there's got to be a problem of the
    > authentication being in clear text ?
    >
    > Well I suppose others must have given some consideration to an ssh
    > proxy in the past and shot the idea down in flames already ?

