Re: Securing ssh tunnels.
From: Paul Newhouse (newhouse_at_rockhead.com)
To: email@example.com, firstname.lastname@example.org
Date: Wed, 25 Jun 2003 21:46:44 -0700

> In some mail from Paul Newhouse, sie said:
> > I'd guess they don't want (or can't) sshd running on their firewall and can't
> > figure out how to route through a secure incoming ssh connection, through
> > the firewall.
> I was thinking why would you do this and then I thought, shouldn't
> there be an ssh proxy? (You can all stone me for suggesting this
> after you've read it ;)
> The idea would be to use either an unencrypted ssh connection to a
> proxy and then the proxy makes an outbound connection to the host.
I must not understand the situation. They, the corporation that you are
trying to connect into, block outbound ssh initiated traffic?
> The problem with this is most obviously that it interferes with the
> manner in which host authentication is decided unless the proxy was
> transparent (a la transparent web proxy) in nature so the client
> was unaware of the MITM. Then there's got to be a problem of the
> authentication being in clear text?
> Well I suppose others must have given some consideration to an ssh
> proxy in the past and shot the idea down in flames already?