[Gllug] Re: Reversing an SSH connection
Ian Northeast
ian at house-from-hell.demon.co.uk
Thu Oct 27 19:17:31 UTC 2005
Jon Dye wrote:
> Tethys wrote:
>
>>Rich Walker writes:
>>
>>
>>>However, the point is moot, as the client's site *does not permit
>>>outbound SSH*. (Unless, according to their admin, you run an ssh daemon
>>>on port 80, at which time it lets that through happily).
>>
>>Been there, done that. It gets more tricky when they also transparently
>>proxy outbound port 80 connections, as that tends to restrict the
>>protocol to HTTP as well as restricting the port.
>
>
> How about 443 then (https) as from what I understand that can't be
> proxied as it's encrypted and a man in the middle attack would break the
> authentication. Often works when port 80 is proxied.
It's what I do to ssh from work to home. We have 80 "transparently"
proxied but 443 isn't. I too don't believe it can be and still work
properly. I don't particularly like running sshd on 443, it's too
obvious for my liking, but it's the only way to make it work. Once upon
a time the work firewall had lots of outbound holes on unobvious ports
which I used to use, but the b*****s closed them all:(
BTW it's not on house-from-hell.demon.co.uk so don't try hacking me:)
HfH is a rarely connected dialup used just for mail and as a backup if
NTL fails.
Regards, Ian
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list