[clug] secure remote access method [SEC=PERSONAL]

Daniel Pittman daniel at rimspace.net
Fri Jun 19 12:27:53 GMT 2009


jm <jeffm at ghostgun.com> writes:
> Daniel Pittman wrote:
>> Sorry for coming in late.
>>
>> OpenVPN supports the '--port-share' option to share a port between OpenVPN and
>> HTTPS; there is a Perl script to do the same for SSH and HTTPS here:
>>
>> http://search.cpan.org/~book/Net-Proxy-0.07/script/sslh
>>
>> Both of those will allow you to work around the limited access stuff; the port
>> 443 HTTPS sharing option is actually pretty solid, really.
>
> Another good idea. I also missed the idea by Geoff Swan on the fact that
> because 443 is used by SSL it's considered opaque and so ssh also works
> there.

Actually, SSL and SSH are infinitely identifiable traffic streams.  The
*content* is protected, but the fact that you are (or are not) running SSL or
SSH is visible to an attacker who is looking for it.

(Heck, the SSH banner is plain-text. ;)

Regards,
        Daniel
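
The point made in the reply above, that SSH and SSL/TLS can be told apart from the first client bytes even when both run on port 443, shown as an added example that is not part of the original post. The function name `classify` and the sample byte strings are constructed for illustration.

```python
import struct

SSH_PREFIX = b"SSH-"          # RFC 4253 identification string, sent in clear text
TLS_HANDSHAKE = 0x16          # TLS record content type "handshake"
TLS_CLIENT_HELLO = 0x01       # handshake message type "ClientHello"


def classify(data: bytes):
    """Classify the first bytes a client sends on a connection.

    Returns (label, detail) where label is 'ssh', 'tls', 'unknown'
    or 'need-more-data' (the buffer is still too short to decide).
    """
    if not data:
        return ("need-more-data", None)

    head = data[:4]
    if head == SSH_PREFIX[:len(head)]:
        if len(head) < 4:
            return ("need-more-data", None)
        end = data.find(b"\n")
        if end == -1:
            # RFC 4253 caps the identification line at 255 bytes.
            return ("unknown", None) if len(data) > 255 else ("need-more-data", None)
        banner = data[:end].rstrip(b"\r").decode("ascii", "replace")
        return ("ssh", banner)

    if data[0] == TLS_HANDSHAKE:
        if len(data) < 6:
            return ("need-more-data", None)
        major, minor = data[1], data[2]
        (length,) = struct.unpack(">H", data[3:5])
        if major == 3 and minor <= 4 and 0 < length <= 16384 \
                and data[5] == TLS_CLIENT_HELLO:
            return ("tls", "ClientHello, record version 3.%d" % minor)

    return ("unknown", None)


# Constructed samples: an SSH identification line, the start of a TLS
# ClientHello record, and a plain HTTP request.
SAMPLE_SSH = b"SSH-2.0-OpenSSH_5.1\r\n"
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03])
SAMPLE_HTTP = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_SSH, SAMPLE_TLS, SAMPLE_HTTP):
        print(classify(sample))
```

The payload after these bytes is encrypted in both protocols; only the protocol identity is exposed, which is the distinction the reply draws.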

