restricting the SOCKS server
- From: "dmulter" <david@xxxxxxxxxx>
- Date: 27 Feb 2007 16:47:32 -0800
I have a somewhat unique request regarding using SOCKS. I'm currently
using OpenSSH with SOCKS "-D port" just fine to talk to a Web server
that is also running the SSH server. My goal is to use SSH/SOCKS
tunneling to permit secure access to the website running on this
server. I'm able to configure my browser to use the proxy when I
specify a certain URL prefix. I do this using a PAC file that matches
the prefix and only forwards on a match. This works perfectly as my
browser session is tunneled via SSH/SOCKS whenever I access this
website. For other sites, it avoids the SOCKS proxy.
The problem I have is twofold:
1. I want to configure the server such that it only permits access to
the one website. Currently, there's nothing I can do to prevent a
valid SSH session being used to SOCKS proxy to any Internet
destination. For example, someone configures SOCKS for all sites by
not using the PAC file. I only want my users to use the proxy for the
one website I am providing. I'm open to looking at other SOCKS proxy
servers besides the one built into OpenSSH. The only restriction, is
that it must allow restricting of user access via certificates that
are also used for SSH sessions.
2. Each user actually needs to go to a slightly different website on
the same server. For example, user1 goes to site1.website.com, and
user2 goes to site2.website.com. I can of course partition the
websites using port numbers also. How can I control SOCKS proxy
destinations to a specific site or port?
These 2 solutions would permit user routing to multiple websites on a
single webserver, while also preventing use of the proxy for general
Internet websites.
.
- Prev by Date: Re: force private key to use a pass-phrase
- Next by Date: Re: Cygwin ssh and <enter>
- Previous by thread: force private key to use a pass-phrase
- Next by thread: How to react to "authentication failures" in log file
- Index(es):
Relevant Pages
|
