LinuxSA Mailing list archives

  From: Alan Kennington <akenning@dog.topology.org>
  To  : Brad <bjones@rebel.net.au>
  Date: Sat, 4 Nov 2000 10:49:15 +1030

Re: ssh redirect failures

On Fri, Nov 03, 2000 at 02:09:17PM +1030, Brad wrote:
> > I'm running the ssh client on a simple SuSE 6.4 machine
> > directly connected to the net over a PPP/phone link to
> > a SuSE 6.2 machine.
> >
> > The client machine has no firewall stuff at all.
> > The sshd machine is connected to the net via a simple
> > rh 5.2 machine with a simple firewall definition.
> 
> Alan,
>     Is there any reason you can't use mod_ssl with apache and use a self
> signed certificate?
> 

Brad,

Yes. I missed Geoffrey's talk on SSL!
I even brought my return from Europe forward a couple
of days thinking that I'd be landing in Adelaide 24 hours
before his talk, but travel-fatigue got the better of me and
I fell asleep about 30 minutes before his talk!

In fact, the SSL method was one of the other methods I had
been asking about, about 12 months ago when I posted a
query about this.

The SSH method was soooo simple to set up - just a single
line of code.
The SSL sounds like it would be harder work, although
I certainly want to activate the neural pathways required for
configuring SSL on my server, because it is required for a
real-life project I'm doing for a client right now.

However.... 
At the moment, my server is blocked off entirely from the
world by a firewall _and_ it refuses connections from outside my LAN.
So in order to use SSL, I would have to remove both of these layers of
protection, and then apply SSL to cover the passing of a
password to authenticate my access.
This still means that I have to replace the IP firewall and
Apache IP address blocking with SSL-covered authentication
for security.
It seems to me that that is a totally different solution,
which has a lot of configuration overhead.

If only I could get the SSH to do port redirection correctly,
it would make my life infinitely simpler.
If anyone else has had success with this approach to
SSH port redirection to read a firewalled intranet web server,
I'd like to know how they do it.
Obviously some people must be succeeding with it.

Cheers,
Alan Kennington.

--------------------------------------------------------------------
    name: Dr. Alan Kennington
  e-mail: akenning@dog.topology.org
 website: http://topology.org/
    city: Adelaide, South Australia
  coords: 34.88051 S, 138.59334 E
timezone: UTC+1030 http://topology.org/timezone.html
 pgp-key: http://topology.org/key_ak2.asc
