Date: Wed, 17 Dec 1997 12:26:57 -0700
From: Nate Williams <nate@mt.sri.com>
To: Charles Mott <cmott@srv.net>
Cc: Marc Slemko <marcs@znep.com>, chat@FreeBSD.ORG
Subject: Re: Support for secure http protocols
Message-ID: <199712171926.MAA13503@mt.sri.com>
In-Reply-To: <Pine.BSF.3.96.971217073751.6934A-100000@darkstar.home>
References: <Pine.BSF.3.95.971216234716.18840T-100000@alive.znep.com> <Pine.BSF.3.96.971217073751.6934A-100000@darkstar.home>

> I still think port 22 encapsulation of crypto has a lot of advantages. I
> acknowledge it doesn't do everything, but suppose a divert socket daemon
> exists which does the following. On outgoing traffic, it checks whether a
> remote host has sshd. If so, it redirects all traffic to that host
> through port 22 using port forwarding. This builds on techniques which
> already exist in natd and ppp -alias.

Unfortunately, things don't work that way. The only time 'automatic' use
of the old ports occurs is on Unix (not Wintel), and *only* when you are
first setting up the connection (again, only on Unix.) This is intended
as a replacement for rsh, which doesn't exist on Wintel boxes.

> Clients could be completely decoupled from crypto (they wouldn't even have
> to know about ssh port forwarding).

Actually, they do. To enable port forwarding, you must connect to
'localhost', and not to the normal host you want to connect to. In
short, you can't use SSH seamlessly and expect things to work
with/without it.

Finally, you mentioned UDP. UDP is not supported, nor do I believe there
is any intent to support it inside of SSH. (DataFellows, the folks who
make the commercial SSH client for Windows, has a VPN product that will
forward *all* connections to a remote network, but that is even more
obnoxious to set up/use than SSH tunnel.)

Nate