Date: Sun, 8 Sep 2002 01:55:02 -0700 (PDT)
From: Julian Elischer <julian@elischer.org>
To: Michael Bretterklieber <mbretter@inode.at>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: protocol inspection (tunneling ssh over http proxy)
Message-ID: <Pine.BSF.4.21.0209080153490.50002-100000@InterJet.elischer.org>
In-Reply-To: <3D7B0928.2020403@inode.at>

Run a squid (or apache) proxy for web access, and then ONLY allow port 80
traffic from the proxy.

On Sun, 8 Sep 2002, Michael Bretterklieber wrote:

> Hi,
>
> the problem is that they use not port 22 for the ssh connection, they
> use port 80 or 443.
>
> I need some software that guarantees that over the http-port flows only
> http and not something else.
>
> bye,
>
> Mike Nowlin wrote:
> >>We have problems in our company, that some users, which have not directly
> >>access to the internet, let ssh tunnel over our http-proxy. Extending
> >>ssh for tunneling is very easy (see Putty or corkscrew) and it's also not
> >>a problem for them to let on another machine sshd run on port 443 or 80.
> >>
> >>At the moment I have no idea how to prevent the users from tunneling ssh
> >>over http.
> >
> >
> > You mean that they're opening connections via SSH through the proxy to
> > remote machines on port 22, then using the SSH tunnel capability to
> > allow connections back to their machine over the tunnel? (Sorry, I'm a
> > bit brain-fried right now.) If so, can't you restrict the proxy to not
> > allow remote requests out to port 22?
> >
> > mike
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-net" in the body of the message
> >
>
> --
> --------------------------------------
> E-mail: Michael.Bretterklieber@jawa.at
> ----------------------------
> JAWA Management Software GmbH
> Liebenauer Hauptstr. 200
> A-8041 GRAZ
> Tel: ++43-(0)316-403274-12
> Fax: ++43-(0)316-403274-10
> GSM: ++43-(0)676-93 96 698
> homepage: http://www.jawa.at
> --------- privat -----------
> E-mail: mbretter@inode.at
> homepage: http://www.inode.at/mbretter
> --------------------------------------
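
An added example, not part of the original message and not code from squid or apache: one way to check that a flow on port 80 or 443 begins as HTTP or TLS rather than with an SSH identification string, which is the inspection the quoted question asks for. The function names and the sample byte strings are assumptions constructed for illustration, and the check looks only at the first reassembled payload bytes of each direction.

```python
import re

# First-line patterns. SSH identification string per RFC 4253 section 4.2;
# a server may send other lines before it, hence the multi-line search.
HTTP_REQ = re.compile(rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS|TRACE|PATCH|CONNECT) \S+ HTTP/1\.[01]\r?\n")
HTTP_RESP = re.compile(rb"HTTP/1\.[01] \d{3}")
SSH_IDENT = re.compile(rb"^SSH-\d+\.\d+-\S+", re.M)

def classify(data: bytes) -> str:
    """Label the first payload bytes seen in one direction of a TCP flow."""
    if HTTP_REQ.match(data) or HTTP_RESP.match(data):
        return "http"
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"  # TLS handshake record, protocol version 3.x
    if SSH_IDENT.search(data):
        return "ssh"
    return "unknown"

def tunnel_payload(client_stream: bytes) -> bytes:
    """Bytes the client sends after the header block of a CONNECT request."""
    head, sep, rest = client_stream.partition(b"\r\n\r\n")
    return rest if sep and head.startswith(b"CONNECT ") else b""

def verdict(port: int, client_first: bytes, server_first: bytes = b"") -> str:
    """Allow a flow only if both directions speak what the port should carry."""
    expected = {80: "http", 443: "tls"}.get(port)
    labels = [classify(b) for b in (client_first, server_first) if b]
    if "ssh" in labels:
        return "deny-ssh"
    if expected is None or not labels or any(l != expected for l in labels):
        return "deny-mismatch"
    return "allow"

# Constructed sample traffic (not captured from a real network).
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
HTTP_OK = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
SSH_CLIENT = b"SSH-2.0-ExampleClient_1.0\r\n"
SSH_SERVER = b"SSH-2.0-ExampleServer_1.0\r\n"
CONNECT_SSH = b"CONNECT host.example.net:443 HTTP/1.0\r\n\r\n" + SSH_CLIENT
TLS_HELLO = bytes.fromhex("16030100a5010000a10303")  # start of a ClientHello
TLS_REPLY = bytes.fromhex("160303005a020000560303")  # start of a ServerHello

if __name__ == "__main__":
    print("plain web request on 80:", verdict(80, HTTP_GET, HTTP_OK))
    print("sshd listening on 80:   ", verdict(80, SSH_CLIENT, SSH_SERVER))
    print("ssh inside CONNECT 443: ", verdict(443, tunnel_payload(CONNECT_SSH), SSH_SERVER))
    print("TLS handshake on 443:   ", verdict(443, TLS_HELLO, TLS_REPLY))
```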