Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 29 Nov 2006 10:56:16 -0800
From:      "Atom Powers" <atom.powers@gmail.com>
To:        "Tom Judge" <tom@tomjudge.com>
Cc:        Ansar Mohammed <ansarm@gmail.com>, freebsd-questions@freebsd.org
Subject:   Re: ssh over http
Message-ID:  <df9ac37c0611291056m6224c921nd452f0afbd8b3e79@mail.gmail.com>
In-Reply-To: <456D5A28.4020107@tomjudge.com>
References:  <000001c712a9$495ccce0$0405a8c0@northamerica.corp.microsoft.com> <df9ac37c0611280935s5a757f27r9ead25f6dc142f25@mail.gmail.com> <456D5A28.4020107@tomjudge.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 11/29/06, Tom Judge <tom@tomjudge.com> wrote:
> Atom Powers wrote:
> > On 11/27/06, Ansar Mohammed <ansarm@gmail.com> wrote:
> >> Hello All,
> >> Is there any ssh over http implementation available for freebsd?
> >
> > That doesn't even make sense. SSH is a transport layer protocol, HTTP
> > is an application layer protocol.
> >
>
> Both HTTP and SSH are application level transports,  however both can be
> used to tunnel TCP connections.  Therefore it is possible to use ssh
> over http.  The windows putty client can use http proxies to make
> outbound connections as long as your http proxy is configured to allow
> CONNECT requests to port 22.  If you using squid for example with a
> defaultish config you will need to update your proxy server configuration.
>

SSH is often paired with an application, a shell, but that doesn't
make it an application layer protocol. SSH establishes and manages a
transport layer connection between the client and server, over which
you can tunnel most other transport layer protocols.

This is very similar to the way SSL/HTTP are being used. SSL and TLS
are transport layer protocols that usually use the application layer
protocol HTTP. And like SSH, SSL/TLS can be used to tunnel other
transport layer protocols.

So what we are really talking about here is not "SSH over HTTP" but
"SSH through a HTTPS vpn/proxy", which doesn't use HTTP at all once
the session is established.

Nobody tunnels though HTTP, they use SSL/TLS.

-- 
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?df9ac37c0611291056m6224c921nd452f0afbd8b3e79>