[Techtalk] Horribly insecure ssh tunnel?

Conor Daly conor.daly at oceanfree.net
Mon Sep 9 14:10:25 EST 2002


Hi all,

As suggested by the subject, I'm not at all sure how secure this proposal
is so I thought I might ask...

I have two networks I wish to connect with an ssh tunnel.  Each network is
on a dialup dynamic ip address and, as far as I know, only my local isp
allows a connection to my network on port 22.  My idea is to have my local
network email its ip address to the remote network which will, in turn,
connect back via ssh.  Once that connection is established, I set up a ppp
session across it.

My main difficulty is that, since both ip addresses are dynamic, the
remote network will receive a message saying:

"here's an ip address.  please connect to it using ssh and once that's
done, prepare to receive a ppp connection"

It seems to me that authentication is the problem.  Making sure the email
is coming from where it's supposed to come (gpg signing should handle
that), making sure the network connecting back is the correct remote one
(ssh key pairs but how do I handle key phrase(s) for them?)  Maybe
requiring a sign on over ppp once the tunnel is up.

Or would I be better off making Emmental?

Of course, the other possibility is to set up sshd on the remote network
to listen to a different port (maybe an unprivileged one that should
be open anyhow)...

Conor
-- 
Conor Daly <conor.daly at oceanfree.net>

Domestic Sysadmin :-)
---------------------
Faenor.cod.ie
  1:50pm  up 9 days, 18:17,  0 users,  load average: 0.00, 0.00, 0.00
Hobbiton.cod.ie
  1:49pm  up 9 days, 17:58,  1 user,  load average: 0.04, 0.06, 0.07
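
Added example (not part of the original post, and not the poster's code): one way the remote side could gate the connect-back described above. It accepts an announcement only if GPG reports a valid signature from one pinned key, the signed body is fresh and holds a well-formed address, and ssh checks the host key under a fixed alias because the IP changes on every dialup. The body format "ip=... ts=...", the fingerprint, the alias and the age limit are assumptions.

```python
import ipaddress
import time

# Assumed values, all constructed for this example.
TRUSTED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # placeholder fingerprint
HOST_ALIAS = "home-gateway"   # hypothetical known_hosts name for the dialup host
MAX_AGE = 600                 # seconds a signed announcement stays acceptable

# Constructed sample: status lines as printed by `gpg --status-fd 1 --verify`,
# and the signed body that gpg verified.
SAMPLE_STATUS = ("[GNUPG:] NEWSIG\n[GNUPG:] VALIDSIG " + TRUSTED_FPR +
                 " 2002-09-09 1031580625 0 4 0 1 2 00 " + TRUSTED_FPR)
SAMPLE_BODY = "ip=203.0.113.7 ts=1031580625"


def signer_fingerprint(gpg_status):
    """Fingerprint of the key that made a valid signature, or None.
    GOODSIG alone names only a key ID, so VALIDSIG is the line to pin on."""
    for line in gpg_status.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) >= 3:
            return parts[2]
    return None


def parse_announcement(body, now):
    """Return the announced address as a string; raise ValueError if unusable."""
    fields = dict(tok.split("=", 1) for tok in body.split() if "=" in tok)
    # ip_address() rejects anything that is not a literal address, so the
    # value can never be read by ssh as an option or a hostname.
    addr = ipaddress.ip_address(fields.get("ip", ""))
    ts = int(fields.get("ts", ""))
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified or addr.is_link_local:
        raise ValueError("address is not a plausible dialup endpoint")
    if not 0 <= now - ts <= MAX_AGE:
        raise ValueError("stale or future-dated announcement (possible replay)")
    return str(addr)


def ssh_argv(addr):
    """ssh command line that refuses unknown host keys and looks the key up
    under HOST_ALIAS instead of the ever-changing IP address."""
    return ["ssh", "-o", "BatchMode=yes", "-o", "StrictHostKeyChecking=yes",
            "-o", "HostKeyAlias=" + HOST_ALIAS, addr]


def handle(gpg_status, body, now=None):
    """Full gate: pinned signer, then fresh valid body, then the ssh argv."""
    if signer_fingerprint(gpg_status) != TRUSTED_FPR:
        raise PermissionError("announcement not signed by the pinned key")
    return ssh_argv(parse_announcement(body, time.time() if now is None else now))
```

Even a replayed but validly signed announcement then ends at the host key check, since whoever now holds the old IP does not hold the pinned host key.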


