From owner-freebsd-questions@FreeBSD.ORG Wed Nov 29 18:56:19 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 34D3E16A407 for ; Wed, 29 Nov 2006 18:56:19 +0000 (UTC) (envelope-from atom.powers@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6ED8443CA8 for ; Wed, 29 Nov 2006 18:56:15 +0000 (GMT) (envelope-from atom.powers@gmail.com) Received: by nf-out-0910.google.com with SMTP id x37so2828089nfc for ; Wed, 29 Nov 2006 10:56:17 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=QlJb1yAZHXzIxagPKGepVdMVp4XyysKW+JLORF/H3ksISCBeaiqkPwzammzbfy8Vk4tu7ZtKuyfZhAqtQc8yb1WuFCEdmvylgD8eexmyylFi8NX1RiZzPAfczu4kh00kKFja8WWgOJXjQ6xrvB7zbt66rCaUBp4HdceIugQXt/E= Received: by 10.49.75.2 with SMTP id c2mr6713458nfl.1164826576777; Wed, 29 Nov 2006 10:56:16 -0800 (PST) Received: by 10.49.63.12 with HTTP; Wed, 29 Nov 2006 10:56:16 -0800 (PST) Message-ID: Date: Wed, 29 Nov 2006 10:56:16 -0800 From: "Atom Powers" To: "Tom Judge" In-Reply-To: <456D5A28.4020107@tomjudge.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <000001c712a9$495ccce0$0405a8c0@northamerica.corp.microsoft.com> <456D5A28.4020107@tomjudge.com> Cc: Ansar Mohammed , freebsd-questions@freebsd.org Subject: Re: ssh over http X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Nov 2006 18:56:19 -0000 On 11/29/06, Tom Judge wrote: > Atom Powers wrote: > > On 11/27/06, Ansar Mohammed wrote: > >> Hello All, > >> Is there any ssh over http implementation available for freebsd? > > > > That doesn't even make sense. SSH is a transport layer protocol, HTTP > > is an application layer protocol. > > > > Both HTTP and SSH are application level transports, however both can be > used to tunnel TCP connections. Therefore it is possible to use ssh > over http. The windows putty client can use http proxies to make > outbound connections as long as your http proxy is configured to allow > CONNECT requests to port 22. If you using squid for example with a > defaultish config you will need to update your proxy server configuration. > SSH is often paired with an application, a shell, but that doesn't make it an application layer protocol. SSH establishes and manages a transport layer connection between the client and server, over which you can tunnel most other transport layer protocols. This is very similar to the way SSL/HTTP are being used. SSL and TLS are transport layer protocols that usually use the application layer protocol HTTP. And like SSH, SSL/TLS can be used to tunnel other transport layer protocols. So what we are really talking about here is not "SSH over HTTP" but "SSH through a HTTPS vpn/proxy", which doesn't use HTTP at all once the session is established. Nobody tunnels though HTTP, they use SSL/TLS. -- -- Perfection is just a word I use occasionally with mustard. --Atom Powers--