[Techtalk] What do you all think?

Malcolm Tredinnick malcolm at commsecure.com.au
Thu Nov 15 11:55:49 EST 2001


On Wed, Nov 14, 2001 at 07:12:15PM -0500, David Merrill wrote:
> On Wed, Nov 14, 2001 at 09:59:23PM +1100, Emma Fox wrote:
> > Apart from using my Tuxman mug at work and explaining why we have to 
> > take the Netscape links off our desk tops when the $M$ Foundation 
> > inspects our labs?  :(  We have linux servers but our clients are all 
> > strictly windoze.  Any suggestions on how to convert supposedly 
> > intelligent academics from the dark side of the force are welcome.
> 
> I'd say if you possibly can (my network admin won't let me 'cause he
> is a major MS/IIS guy*) run Linux on your own workstation. Run Windows
[...]

> 	* I do have to credit him with having half a clue about
> 	security, 'cause I've never even been able to tunnel ssh under
> 	http to get to my home box. Every port is locked down.

You're just not trying hard enough, David. :-)

Tunnelling ssh over HTTPS, even through a proxy, is relatively
straightforward, since you can't block things based on traffic analysis
or caching with HTTPS. You do need to write a proxy that pipes between
your ssh process and the web proxy and you need to be able to connect to
the target sshd on port 443 at the other end. Of course, whether that
violates any local network policy is a separate question.

I do this every day (albeit from a Linux box) at a site who require
everything to go through a proxy. I can only assume they do this for
traffic analysis purposes (it certainly can't be for security reasons).

If you want more details, contact me off-list.

Cheers,
Malcolm

-- 
On the other hand, you have different fingers.
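
Seen from the proxy operator's side, the setup described in this message (an sshd listening on port 443, reached with an HTTP CONNECT through the web proxy) can be told apart from real HTTPS by the first bytes relayed through the tunnel. The following is an added example, not part of the original message; it assumes the proxy can record those opening bytes in each direction, and the function names, host names and sample payloads are constructed for illustration.

```python
# Added example (not from the original message): label what is really
# inside an HTTP CONNECT tunnel from the first bytes relayed each way.
# All names and sample payloads below are constructed for illustration.

def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', else None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    return host, int(port)

def classify_payload(data):
    """Classify the opening bytes of one direction of the tunnel."""
    if data.startswith(b"SSH-"):
        return "ssh"  # SSH identification string, e.g. SSH-2.0-...
    # TLS record: type 0x16 (handshake), major version 0x03; byte 5 is the
    # handshake type: 0x01 ClientHello or 0x02 ServerHello.
    if (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[5] in (0x01, 0x02)):
        return "tls"
    return "unknown"

def audit_tunnel(request_line, client_first, server_first=b""):
    """Return (host, port, verdict) for a CONNECT, or None for other requests."""
    target = parse_connect(request_line)
    if target is None:
        return None
    seen = {classify_payload(client_first), classify_payload(server_first)}
    verdict = "ssh" if "ssh" in seen else "tls" if "tls" in seen else "unknown"
    return target + (verdict,)

# Constructed sample: (request line, first client bytes, first server bytes).
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])
SAMPLE_TUNNELS = [
    ("CONNECT www.example.com:443 HTTP/1.0", TLS_CLIENT_HELLO, b""),
    ("CONNECT home.example.net:443 HTTP/1.0", b"", b"SSH-2.0-OpenSSH_3.0\r\n"),
    ("GET http://www.example.com/ HTTP/1.0", b"", b""),
]

def report():
    """Audit every constructed sample tunnel."""
    return [audit_tunnel(*entry) for entry in SAMPLE_TUNNELS]

if __name__ == "__main__":
    for row in report():
        print(row)
```

This check only catches an SSH banner sent in the clear inside the tunnel; SSH wrapped in a genuine TLS session would be labelled "tls".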
