Firewall Wizards mailing list archives

Re: ssh holes? Trojans? [long]


From: "Robert Collins" <robert.collins () itdomain com au>
Date: Thu, 21 Sep 2000 09:53:00 +1100

<snip>
All in all, though, it's sucky. You can't make it work if the clients don't
want to let you make it work. This is probably why there is nothing around
that does what you want.

If you were to provide a non-transparent SSH gateway, that might work.
Clients can telnet (or SSH) to your gateway, and from there start a new SSH
connection to the outside world. You could then snoop the traffic before it
entered the second tunnel. They still get the protection of SSH over the
Internet and you still get to snoop the traffic. This requires user
co-operation, though. You can't do it in secret. I'll leave the fine details
as an exercise ;)


And hope they don't then run an end-end secure protocol through that gateway.
Like uhmm, ssh :-]


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

