Firewall Wizards mailing list archives
Re: Time for a new FWTK?
From: "Ge' Weijers" <ge () progressive-systems com>
Date: Tue, 25 Nov 1997 10:55:13 -0500 (EST)
On Tue, 25 Nov 1997, -= ArkanoiD =- wrote:
..but there is no good proxy for incoming ssh: i tried to hack sshd to make one; it works but it is so ugly.. :(
Another hack: get the latest socks5 package from NEC, socksify ssh on your clients (a configurable option for ssh), run the socks server on your firewall, and only allow incoming connections that go to port 22 on machines that you trust. Disallow password authentication on those machines. For a little extra security against probes you can mandate the use of plaintext passwords on this connection. NEC also has DLLs that transparently 'socksify' programs for Windows, so this may work from Windows ssh too. Ge' Ge' Weijers Voice: (614)326 4600 Progressive Systems, Inc. FAX: (614)326 4601 2000 West Henderson Rd. Suite 400 Columbus, OH 43220 http://www.Progressive-Systems.com
Current thread:
- Re: Hardening, (was Re: chroot useful?), (continued)
- Re: Hardening, (was Re: chroot useful?) Marcus J. Ranum (Nov 23)
- Re: Hardening, (was Re: chroot useful?) Darren Reed (Nov 23)
- Re: Hardening, (was Re: chroot useful?) Marcus J. Ranum (Nov 23)
- Re: Hardening, (was Re: chroot useful?) Craig Brozefsky (Nov 23)
- Re: Hardening, (was Re: chroot useful?) Petri Virkkula (Nov 23)
- Re: Hardening, (was Re: chroot useful?) Craig Brozefsky (Nov 24)
- Test Systems - was Re: Hardening John Lines (Nov 24)
- Time for a new FWTK? chuck yerkes (Nov 24)
- Re: Time for a new FWTK? Marcus J. Ranum (Nov 24)
- Re: Time for a new FWTK? -= ArkanoiD =- (Nov 25)
- Re: Time for a new FWTK? Ge' Weijers (Nov 25)
- Re: Hardening, (was Re: chroot useful?) Darren Reed (Nov 23)
- Re: Time for a new FWTK? Ted Doty (Nov 25)
- Re: Hardening, (was Re: chroot useful?) Marcus J. Ranum (Nov 23)
- Re: Hardening, (was Re: chroot useful?) Darren Reed (Nov 24)