Security Basics
mailing list archives
Re: ssh tunneling to bypass web proxy rules
From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 23 Aug 2005 10:43:53 +0300 (IDT)
On Sun, 21 Aug 2005, Juan B wrote:
> Someone told me one can pass web proxy restrictions by
> tunneling through ssh to restricted web sites like web
> mail sites in our corporate network. I really want to
> know how he is doing that but I don't know where and
> how to test it, and he of course doesn't tell.
man ssh:

    -L port:host:hostport
        Specifies that the given port on the local (client)
        host is to be forwarded to the given host and port on
        the remote side. This works by allocating a socket to
        listen to the port on the local side. Then, whenever a
        connection is made to this port, the connection is
        forwarded over the secure channel and a connection is
        made to host port hostport from the remote machine.
        Port forwardings can also be specified in the
        configuration file.

So you need to:
o start a proxy (e.g., privoxy) on the remote host,
o connect with ssh using port forwarding, and
o set up local web browser to use localhost:forwarded-port as a proxy.
> I need to close this hole in the network.
If you allow ssh connections to external hosts there is no way to
close such `hole.' Note that if you use a black list of `bad' sites
(and not a white list of allowed web servers) somebody can as easily
use an external http proxy (BTW, even with a white list the google
cache can be used to read `bad' sites). So your best choice is just to
ignore this `problem.'
--
Regards,
ASK
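
The man page excerpt quoted above says the forward works by allocating a listening socket on the client side. As an added example (not part of the original post), one way to spot that socket on a managed Linux workstation is to look for listeners owned by the ssh client in `ss -H -ltnp` output; the sample output and the function names below are constructed for illustration.

```python
import re

# Constructed sample of `ss -H -ltnp` output (no header line); not real data.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:8118 0.0.0.0:* users:(("ssh",pid=4312,fd=5))
LISTEN 0 128 [::1]:8118 [::]:* users:(("ssh",pid=4312,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=950,fd=7))
LISTEN 0 128 0.0.0.0:3128 0.0.0.0:* users:(("ssh",pid=5120,fd=6))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
"""

# One entry inside the users:(...) column: ("name",pid=N,fd=N)
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')
LOOPBACK = {"127.0.0.1", "[::1]"}


def split_addr(local):
    """Split '127.0.0.1:8118' or '[::1]:8118' into (address, port)."""
    addr, _, port = local.rpartition(":")
    return addr, int(port)


def find_ssh_forward_listeners(ss_output):
    """Return listening sockets owned by the ssh client (name exactly 'ssh')."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue  # header, blank line, or process column hidden (not root)
        addr, port = split_addr(fields[3])
        for name, pid in PROC_RE.findall(" ".join(fields[5:])):
            if name == "ssh":  # sshd is the server daemon, not a client forward
                findings.append({
                    "pid": int(pid), "addr": addr, "port": port,
                    # Bound beyond loopback: other hosts can reach the forward.
                    "shared": addr not in LOOPBACK,
                })
    return findings


if __name__ == "__main__":
    for f in find_ssh_forward_listeners(SAMPLE_SS_OUTPUT):
        scope = "reachable from other hosts" if f["shared"] else "loopback only"
        print(f"ssh pid {f['pid']} listens on {f['addr']}:{f['port']} ({scope})")
```
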