From: Ryan Thompson
Date: Wed, 5 Jul 2000 06:32:39 -0600 (CST)
To: Chris
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: TCP/IP forwarding in SSH2 - testing?
In-Reply-To: <20000705081928.A7940@kingsqueak.org>
Organization: SaskNow Technologies [www.sasknow.com]

Chris wrote to Ryan Thompson:

> On Tue, Jul 04, 2000 at 10:31:21PM -0600, Ryan Thompson wrote:
> >
> > Hey all...
> >
> > I've recently begun implementing SSHv2 as a VPN solution with a few remote
> > users (employees). I've installed ssh2 from ports under FreeBSD 3.4, and
> > verified that logins (with password authentication) work fine from a
> > variety of hosts. (Previously, I ran ssh 1.27).
> >
> > Now, I have attempted to set up port forwarding from remote hosts. I
> > think I may have set it up correctly, but I have no adequate way to verify
> > that packets are actually being transmitted encrypted. In fact, from what
> > I can tell, forwarded ports are being sent in the clear.
> >
>
> If you take a hub, plug the target host into it, plug another machine
> into the hub as well, place the second machine's nic in promisc and
> sniff...I think you'll find all is well.
>

Ok... That sounds like good news.
The problem is, though, that one network relies on switch technology
(every system on its own collision domain), and the other "network" isn't
a network at all, but a single system connected to a cable modem.

I suppose I'll have to move some cables around temporarily to test. I
simply wanted to avoid that if possible. (At least these aren't production
machines, though ;-)

Thanks,
- Ryan

--
Ryan Thompson
Systems Administrator, Accounts
Phone: +1 (306) 664-1161
SaskNow Technologies http://www.sasknow.com
#106-380 3120 8th St E Saskatoon, SK S7H 0W2
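
Added example, not part of the original message or thread: one way to judge a capture once it has been taken, by grouping payload bytes exchanged with the SSH server by server-side port and checking that everything rides port 22 and looks like ciphertext. The packet tuples, the documentation-range addresses, the POP3 port 110 service and the `fake_ciphertext` helper are all constructed assumptions standing in for data exported from a real sniffer.

```python
import hashlib
import math
from collections import Counter, defaultdict

SSH_PORT = 22

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, far lower for ASCII protocols."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def audit_capture(packets, server_ip, min_entropy=7.0):
    """Map each server-side port to (bytes seen, entropy, verdict)."""
    streams = defaultdict(bytes)
    for src, sport, dst, dport, payload in packets:
        if dst == server_ip:
            streams[dport] += payload
        elif src == server_ip:
            streams[sport] += payload
    report = {}
    for port, data in streams.items():
        entropy = shannon_entropy(data)
        if port != SSH_PORT:
            # The application talked to the server directly, not via the forward.
            verdict = "bypasses the tunnel"
        elif entropy >= min_entropy:
            verdict = "encrypted tunnel"
        else:
            verdict = "port 22 but payload not ciphertext-like"
        report[port] = (len(data), round(entropy, 2), verdict)
    return report

def fake_ciphertext(n: int) -> bytes:
    """Constructed stand-in for encrypted SSH payload (deterministic SHA-256 chain)."""
    out, block = b"", b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

CLIENT, SERVER = "192.0.2.10", "198.51.100.5"   # constructed sample capture
SAMPLE = [
    (CLIENT, 40001, SERVER, 22, b"SSH-2.0-client\r\n"),
    (SERVER, 22, CLIENT, 40001, b"SSH-2.0-server\r\n"),
    (CLIENT, 40001, SERVER, 22, fake_ciphertext(4096)),
    (CLIENT, 40002, SERVER, 110, b"USER alice\r\nPASS example\r\n"),
]

if __name__ == "__main__":
    for port, row in sorted(audit_capture(SAMPLE, SERVER).items()):
        print(port, row)
```

The entropy is computed over the whole stream per port, so the short cleartext version banner and key-exchange negotiation at the start of an SSH session do not drag a long encrypted session below the threshold.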