Date: Wed, 17 Dec 1997 15:18:47 -0700
From: Nate Williams <nate@mt.sri.com>
To: Charles Mott <cmott@srv.net>
Cc: Nate Williams <nate@mt.sri.com>, Marc Slemko <marcs@znep.com>, chat@FreeBSD.ORG
Subject: Re: Support for secure http protocols
Message-ID: <199712172218.PAA14340@mt.sri.com>
In-Reply-To: <Pine.BSF.3.96.971217142451.7135A-100000@darkstar.home>
References: <199712171926.MAA13503@mt.sri.com> <Pine.BSF.3.96.971217142451.7135A-100000@darkstar.home>

> > > remote host has sshd. If so, it redirects all traffic to that host
> > > through port 22 using port forwarding. This builds on techniques which
> > > already exist in natd and ppp -alias.
> >
> > Unfortunately, things don't work that way. The only time 'automatic'
> > use of the old ports occur is on unix (not Wintel), and *only* when you
> > are first setting up the connection (again, only on Unix.) This is
> > intended as a replacement for rsh, which doesn't exist on Wintel boxes.
>
> I don't think you understand what I am talking about. See paragraph
> below. I know what ssh does. I also know what tcp does.

You've changed the subject. The original subject was supporting secure
HTTP, and now we're dealing with a very specialized setup, and the point
is that SSH won't work for the generic solution, and your comments imply
that it would work.

Now that we've changed the background, it *may* work, but I'm not
convinced that the commercial SSH client for Windows is up to the task.

I've spent the last couple of months dealing with the issues, so I'd like
to think I have a clue here. (Not saying that you don't, but your
comments imply to me that you don't have experience with the Wintel SSH
client, or understand all that SSH attempts to solve and what it doesn't
attempt to solve.)

> What I don't know is whether port forwarding relationships can be
> dynamically created and destroyed during a single ssh session. Probably
> not, but desirable.

Definitely not desirable due to security issues. And, if you allow port
forwarding then you've got a security hole you can drive a truck
through. ;(

Nate