[clug] secure remote access method [SEC=PERSONAL]
jm
jeffm at ghostgun.com
Fri Jun 19 04:29:32 GMT 2009
Daniel Pittman wrote:
> Sorry for coming in late.
>
> OpenVPN supports the '--port-share' option to share a port between OpenVPN and
> HTTPS; There is a Perl script to do the same for SSH and HTTPS here:
>
> http://search.cpan.org/~book/Net-Proxy-0.07/script/sslh
>
> Both of those will allow you to work around the limited access stuff; the port
> 443 HTTPS sharing option is actually pretty solid, really.
>
>
Another good idea. I also missed the idea by Geoff Swan on the fact that
because 443 is used by SSL it's considered opaque and so ssh also works
there.
What I'm trying to drive at with this thread is the assumption that
everything is open between you and your server. The assumption is you're
only trying to protect against eavesdropping, man-in-the-middle, and
someone trying to crack your server. The internet is becoming less open.
There are firewalls out there that can be between you and your server,
there can be agents (network operators, etc.) interfering in the
connection, machines which are locked down but are otherwise
trustworthy. This is all done with the best of intentions, but quite
often backfires when you need to do something they didn't foresee or
aren't aware of. The assumption that ssh fits all is erroneous. What is
something which will work with the minimal set of assumptions? I was
hoping to see some out-of-the-box thinking from cluggers. One of my
co-workers voiced the opinion that cluggers were a little closed-minded and
I was hoping to prove this person wrong. I was hoping the open in open
source also applied to their thinking. So far, not so good.
Jeff.
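
Added example (not part of the original post, and not code from sslh or OpenVPN): sharing port 443 between SSH and HTTPS rests on telling the two protocols apart by the first bytes the client sends. The Python below classifies an SSH identification string versus a TLS ClientHello; the function names and sample byte strings are constructed for illustration, and the same check lets a network monitor notice non-TLS traffic on 443.

```python
import struct

TLS_HANDSHAKE = 0x16    # TLS record content type: handshake
CLIENT_HELLO = 0x01     # handshake message type: ClientHello
MAX_RECORD = 16384      # maximum TLS plaintext record length (2^14)


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'tls', 'need-more' or 'unknown' for a client's first bytes."""
    # The SSH identification string (RFC 4253, section 4.2) begins with "SSH-".
    if data.startswith(b"SSH-"):
        return "ssh"
    # Fewer than 4 bytes that could still grow into "SSH-" (includes empty input).
    if len(data) < 4 and b"SSH-".startswith(data):
        return "need-more"
    if data[0] != TLS_HANDSHAKE:
        return "unknown"
    # A TLS record header is type(1) version(2) length(2); the first handshake
    # byte after it is the message type, so 6 bytes are needed to decide.
    if len(data) < 6:
        return "need-more" if len(data) < 2 or data[1] == 0x03 else "unknown"
    _, major, minor, length, hs_type = struct.unpack("!BBBHB", data[:6])
    if major == 0x03 and minor <= 0x04 and 0 < length <= MAX_RECORD \
            and hs_type == CLIENT_HELLO:
        return "tls"
    return "unknown"


def demo() -> dict:
    """Classify constructed sample inputs (not captured traffic)."""
    samples = {
        "ssh banner": b"SSH-2.0-OpenSSH_5.1\r\n",
        "tls hello": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
        "partial tls": b"\x16\x03",
        "plain http": b"GET / HTTP/1.1\r\n",
    }
    return {name: classify_first_bytes(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} -> {verdict}")
```

A 'need-more' result means the caller should read further bytes before deciding which backend, or which alert, applies.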