Date: Wed, 23 Feb 2000 17:04:57 -0700
From: Damien Tougas
To: freebsd-security@freebsd.org
Subject: SSH port forwarding
Message-ID: <20000223170457.A2185@tougas.net>

I am looking at setting up a VPN using the SSH port forwarding features, but I have a question:

I have inetd listening on port X for ppp connections. I set up SSH on the client machine to pass all packets going from port X on the client to port X on the server through the secure channel. After starting ppp, I do netstat -a and realize that the actual ppp connection is taking place on random port Y.

My question is, is SSH smart enough to realize this has taken place and encrypt the session on port Y as well? If not, how do I set it up so that the random port picked during the negotiation process is also sent through the secure channel?

Thanks.

-- 
Damien Tougas, P.Eng.
Phone: (780)434-5889
Fax: (780)434-5889
E-mail: damien@tougas.net
http://www.tougas.net