Date: Wed, 17 Dec 1997 14:37:53 -0700 (MST)
From: Charles Mott <cmott@srv.net>
To: Nate Williams <nate@mt.sri.com>
Cc: Marc Slemko <marcs@znep.com>, chat@FreeBSD.ORG
Subject: Re: Support for secure http protocols
Message-ID: <Pine.BSF.3.96.971217142451.7135A-100000@darkstar.home>
In-Reply-To: <199712171926.MAA13503@mt.sri.com>
On Wed, 17 Dec 1997, Nate Williams wrote:

> > I still think port 22 encapsulation of crypto has a lot of advantages. I acknowledge it doesn't do everything, but suppose a divert socket daemon exists which does the following. On outgoing traffic, it checks whether a remote host has sshd. If so, it redirects all traffic to that host through port 22 using port forwarding. This builds on techniques which already exist in natd and ppp -alias.
>
> Unfortunately, things don't work that way. The only time 'automatic' use of the old ports occurs is on unix (not Wintel), and *only* when you are first setting up the connection (again, only on Unix.) This is intended as a replacement for rsh, which doesn't exist on Wintel boxes.

I don't think you understand what I am talking about. See paragraph below. I know what ssh does. I also know what tcp does.

> > Clients could be completely decoupled from crypto (they wouldn't even have to know about ssh port forwarding).
>
> Actually, they do. To enable port forwarding, you must connect to 'localhost', and not to the normal host you want to connect to.

Read my posting more carefully. Note the reference to natd and ppp -alias. Suppose a packet is destined for a remote host. In principle, outbound packets can be selectively redirected via NAT type processing to a local port brought up by ssh. When a new connection is needed a new ssh port forwarding relationship could be established (or perhaps when ssh is started up a group of ports could be snarfed up and reused as necessary). Or a new ssh connection with a desired port forwarding relationship can be established for each connection. What I don't know is whether port forwarding relationships can be dynamically created and destroyed during a single ssh session. Probably not, but desirable. This process as described is transparent to the client.

I honestly think your comments were condescending without being knowledgeable. Of all people, you should be aware that I understand networking at a detailed level.

Charles Mott
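The NAT-style redirection Charles sketches above, as an added simulation that is not part of the thread or of natd/ssh: outbound connections to hosts assumed to have been verified as running sshd are rewritten to a local port taken from a pool of "ssh -L" style forwards, replies are rewritten back so the client never sees localhost, and a forward is released once no session uses it. Hosts, ports and the packet tuple are constructed for illustration; no real packets or ssh processes are touched.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_host: str
    src_port: int
    dst_host: str
    dst_port: int

class SshRedirector:
    """Translation table a divert-socket daemon could keep (constructed model)."""

    def __init__(self, sshd_hosts, local_ports):
        self.sshd_hosts = set(sshd_hosts)    # hosts assumed already verified to run sshd
        self.free_ports = list(local_ports)  # pool of local ports grabbed at ssh start-up
        self.forwards = {}                   # (host, port) -> local port of an "ssh -L" forward
        self.sessions = {}                   # client src_port -> (host, port) being tunnelled

    def forward_for(self, host, port):
        """Reuse an existing forward to host:port or take a port from the pool."""
        key = (host, port)
        if key not in self.forwards:
            if not self.free_ports:
                raise RuntimeError("forwarding pool exhausted")
            self.forwards[key] = self.free_ports.pop(0)
        return self.forwards[key]

    def outbound(self, pkt):
        """Rewrite a client packet towards the local forward, or pass it through."""
        if pkt.dst_host not in self.sshd_hosts:
            return pkt                       # no sshd there: leaves unchanged, in the clear
        local = self.forward_for(pkt.dst_host, pkt.dst_port)
        self.sessions[pkt.src_port] = (pkt.dst_host, pkt.dst_port)
        return replace(pkt, dst_host="127.0.0.1", dst_port=local)

    def inbound(self, pkt):
        """Undo the rewrite on replies so the client sees the original peer address."""
        orig = self.sessions.get(pkt.dst_port)
        if orig is None or pkt.src_host != "127.0.0.1" or self.forwards.get(orig) != pkt.src_port:
            return pkt
        return replace(pkt, src_host=orig[0], src_port=orig[1])

    def close(self, src_port):
        """Tear down a client session; release the forward once nobody uses it."""
        orig = self.sessions.pop(src_port, None)
        if orig is not None and orig not in self.sessions.values():
            self.free_ports.append(self.forwards.pop(orig))
```

The pass-through branch in `outbound` is the point Charles leaves open: a host without sshd is still reached in plaintext, so the daemon's "has sshd" check decides which traffic ends up encrypted.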