Re: Question about SSH, well duh.
From: Richard E. Silverman (res_at_qoxp.net)
Date: 07/26/03
- Previous message: Fluker: "Re: Question about SSH, well duh."
- In reply to: Fluker: "Re: Question about SSH, well duh."
- Next in thread: Fluker: "Re: Question about SSH, well duh."
- Reply: Fluker: "Re: Question about SSH, well duh."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 26 Jul 2003 01:15:32 -0400
> OK that makes perfect sense. Now is it then possible to go from a SSH
> server to yet another trusted SSH server from the client, which would
> be like this:
> SSH cleint>SSH Server>SSH Server and back again. This would make the
> middle SSH Server unable to decrypt teh information, correct?
It depends on what you mean by "go from." If you're doing this:
A% ssh B ssh C
then the data is decrypted by B and re-encrypted for transport over the
second SSH connection. However, if you funnelled the first SSH connection
through the second by proxying or tunnelling, then B would have no special
vantage point with regard to the data. E.g.
A% ssh -o proxycommand="ssh B nc C 22" C
or
A% ssh -L 1234:C:22 B
A% ssh localhost -p 1234 -o hostkeyalias=C
-- Richard Silverman res@qoxp.net
- Previous message: Fluker: "Re: Question about SSH, well duh."
- In reply to: Fluker: "Re: Question about SSH, well duh."
- Next in thread: Fluker: "Re: Question about SSH, well duh."
- Reply: Fluker: "Re: Question about SSH, well duh."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
