[clug] ssh, https and GoogleEarth

Tomasz Ciolek tmc at vandradlabs.com.au
Wed Jan 10 03:18:44 GMT 2007

Yes there is a way.

This would require your proxy to decrypt the SSL
stream and forward the data/connection to the far end...  effectively a
"man in the middle" type setup.

Of course anyone who gets to your proxy can now read all taffic in


On Wed, Jan 10, 2007 at 09:36:00PM +1100, chris wrote:
> Hi list,
> Is there a way to completely block ssh traffic while permitting https
> traffic through over a network that uses a proxy to access the net? If
> you block outgoing traffic on port 22, then people can setup sshd to
> listen on port 443. And the proxy will let you through because it thinks
> you are visiting a https page. In other words, how can I distinguish
> between ssh traffic and SSL traffic?
> Just another unrelated issue, I am within a Novell network environment
> (Novell Core Protocol sits above all other protocols), I use a proxy to
> access the net. While Firefox in windows has no issues to authenticate
> itself using a Java program, which is invisible to the user end, but
> Firefox in Debian keeps saying "the data area passed to a system call is
> too small", I looked it up on Google but didn't find out anything
> remarkably helpful.
> I don't know how the authentication works, it doesn't require a user ID
> or password, if you are running Windows on a laptop and you can pass the
> authentication straight away by connecting to the network and get an IP
> off the DHCP server.
> My workaround is that I am setting my Debian laptop as a router for
> another machine that runs XP, as soon the the XP box gets a page from
> say www.google.com, my debian is able to use the net without any
> trouble. Alternative I can copy the IP and Mac off any box already been
> authenticated and stick them in my setting.
> Once my net is usable on Debian, if I try to use GoogleEarth, it gets
> stuck on contacting server. I can use GoogleEarth perfectly on the XP
> box behind my Debian laptop. If I use a ssh tunnel to use a remote
> proxy, GoogleEarth will work okay. Any idea what might be causing all this?
> Thanks
> Chris
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

Tomasz M. Ciolek	
 tmc at vandradlabs dot com dot au 
   GPG Key ID:		0x41C4C2F0
   GPG Key Fingerprint: 3883 B308 8256 2246 D3ED  A1FF 3A1D 0EAD 41C4 C2F0
   Key available on good key-servers

More information about the linux mailing list