Date: Sun, 08 Sep 2002 04:09:43 -0400 From: Mike Nowlin <mike@argos.org> To: Michael Bretterklieber <mbretter@inode.at> Cc: freebsd-net@FreeBSD.ORG Subject: Re: protocol inspection (tunneling ssh over http proxy) Message-ID: <3D7B05C7.E254DAB0@argos.org> References: <3D7AFFD4.6020500@inode.at>
next in thread | previous in thread | raw e-mail | index | archive | help
> We have problems in our company, that some users, wich have not directly > access to the internet, let ssh tunnel over our http-proxy. Extending > ssh for tunneling is very easy (see Putty or corkscrew) and its also not > a problem for them to let on another machine sshd run on port 443 or 80. > > At the moment I have no idea how to prevent the users from tunneling ssh > over http. You mean that they're opening connections via SSH through the proxy to remote machines on port 22, then using the SSH tunnel capability to allow connections back to their machine over the tunnel? (Sorry, I'm a bit brain-fried right now.) If so, can't you restrict the proxy to not allow remote requests out to port 22? mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D7B05C7.E254DAB0>