[clug] ssh, https and GoogleEarth
Tomasz Ciolek
tmc at vandradlabs.com.au
Wed Jan 10 03:18:44 GMT 2007
Yes there is a way.
This would require your proxy to decrypt the SSL
stream and forward the data/connection to the far end... effectively a
"man in the middle" type setup.
Of course anyone who gets to your proxy can now read all taffic in
clear...
Tomasz
On Wed, Jan 10, 2007 at 09:36:00PM +1100, chris wrote:
> Hi list,
>
> Is there a way to completely block ssh traffic while permitting https
> traffic through over a network that uses a proxy to access the net? If
> you block outgoing traffic on port 22, then people can setup sshd to
> listen on port 443. And the proxy will let you through because it thinks
> you are visiting a https page. In other words, how can I distinguish
> between ssh traffic and SSL traffic?
>
> Just another unrelated issue, I am within a Novell network environment
> (Novell Core Protocol sits above all other protocols), I use a proxy to
> access the net. While Firefox in windows has no issues to authenticate
> itself using a Java program, which is invisible to the user end, but
> Firefox in Debian keeps saying "the data area passed to a system call is
> too small", I looked it up on Google but didn't find out anything
> remarkably helpful.
>
> I don't know how the authentication works, it doesn't require a user ID
> or password, if you are running Windows on a laptop and you can pass the
> authentication straight away by connecting to the network and get an IP
> off the DHCP server.
>
> My workaround is that I am setting my Debian laptop as a router for
> another machine that runs XP, as soon the the XP box gets a page from
> say www.google.com, my debian is able to use the net without any
> trouble. Alternative I can copy the IP and Mac off any box already been
> authenticated and stick them in my setting.
>
> Once my net is usable on Debian, if I try to use GoogleEarth, it gets
> stuck on contacting server. I can use GoogleEarth perfectly on the XP
> box behind my Debian laptop. If I use a ssh tunnel to use a remote
> proxy, GoogleEarth will work okay. Any idea what might be causing all this?
>
> Thanks
>
> Chris
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
--
Tomasz M. Ciolek
*******************************************************************************
tmc at vandradlabs dot com dot au
*******************************************************************************
GPG Key ID: 0x41C4C2F0
GPG Key Fingerprint: 3883 B308 8256 2246 D3ED A1FF 3A1D 0EAD 41C4 C2F0
Key available on good key-servers
*******************************************************************************
More information about the linux
mailing list