From owner-freebsd-net Sun Sep 8 1:26:41 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F215737B400 for ; Sun, 8 Sep 2002 01:26:37 -0700 (PDT) Received: from smtp.inode.at (goliath.inode.at [195.58.161.55]) by mx1.FreeBSD.org (Postfix) with ESMTP id 83D8F43E6A for ; Sun, 8 Sep 2002 01:26:37 -0700 (PDT) (envelope-from mbretter@inode.at) Received: from line-e-127.adsl-dynamic.inode.at ([62.99.165.127] helo=inode.at) by smtp.inode.at with esmtp (Exim 3.34 #1) id 17nxOu-0005qz-00 for freebsd-net@FreeBSD.ORG; Sun, 08 Sep 2002 10:26:36 +0200 Message-ID: <3D7B0928.2020403@inode.at> Date: Sun, 08 Sep 2002 10:24:08 +0200 From: Michael Bretterklieber User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:1.1) Gecko/20020826 X-Accept-Language: de-de, de-at, de, en-us, en MIME-Version: 1.0 To: freebsd-net@FreeBSD.ORG Subject: Re: protocol inspection (tunneling ssh over http proxy) References: <3D7AFFD4.6020500@inode.at> <3D7B05C7.E254DAB0@argos.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, the problem is that they use not port 22 for the ssh connection, they use port 80 or 443. I need some software that gurantees that over the http-port flows only http and not someting else. bye, Mike Nowlin schrieb: >>We have problems in our company, that some users, wich have not directly >>access to the internet, let ssh tunnel over our http-proxy. Extending >>ssh for tunneling is very easy (see Putty or corkscrew) and its also not >>a problem for them to let on another machine sshd run on port 443 or 80. >> >>At the moment I have no idea how to prevent the users from tunneling ssh >>over http. > > > You mean that they're opening connections via SSH through the proxy to > remote machines on port 22, then using the SSH tunnel capability to > allow connections back to their machine over the tunnel? (Sorry, I'm a > bit brain-fried right now.) If so, can't you restrict the proxy to not > allow remote requests out to port 22? > > mike > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > > -- -- -------------------------------------- E-mail: Michael.Bretterklieber@jawa.at ---------------------------- JAWA Management Software GmbH Liebenauer Hauptstr. 200 A-8041 GRAZ Tel: ++43-(0)316-403274-12 Fax: ++43-(0)316-403274-10 GSM: ++43-(0)676-93 96 698 homepage: http://www.jawa.at --------- privat ----------- E-mail: mbretter@inode.at homepage: http://www.inode.at/mbretter -------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message