[clug] secure remote access method [SEC=PERSONAL]

jm jeffm at ghostgun.com
Fri Jun 19 04:29:32 GMT 2009



Daniel Pittman wrote:
> Sorry for coming in late.
>
> OpenVPN supports the '--port-share' option to share a port between OpenVPN and
> HTTPS; there is a Perl script to do the same for SSH and HTTPS here:
>
> http://search.cpan.org/~book/Net-Proxy-0.07/script/sslh
>
> Both of those will allow you to work around the limited access stuff; the port
> 443 HTTPS sharing option is actually pretty solid, really.
>
>   

Another good idea. I also missed the idea by Geoff Swan on the fact that 
because 443 is used by SSL it's considered opaque and so ssh also works 
there.

What I'm trying to drive at with this thread is the assumption that 
everything is open between you and your server. The assumption is you're 
only trying to protect against eavesdropping, man-in-the-middle, and 
someone trying to crack your server. The internet is becoming less open. 
There are firewalls out there that can be between you and your server, 
there can be agents (network operators, etc.) interfering in the 
connection, machines which are locked down but are otherwise 
trustworthy. This is all done with the best of intentions, but quite 
often backfires when you need to do something they didn't foresee or 
aren't aware of. The assumption that ssh fits all is erroneous. What is 
something which will work with the minimal set of assumptions? I was 
hoping to see some out-of-the-box thinking from cluggers. One of my 
co-workers voiced the opinion that cluggers were a little closed-minded and 
I was hoping to prove this person wrong. I was hoping the open in open 
source also applied to their thinking. So far, not so good.

Jeff.


