[Gllug] Re: Reversing an SSH connection
Ian Northeast
ian at house-from-hell.demon.co.uk
Thu Oct 27 20:22:12 UTC 2005
Tethys wrote:
> Ian Northeast writes:
>
>
>>It's what I do to ssh from work to home. We have 80 "transparently"
>>proxied but 443 isn't. I too don't believe it can be and still work
>>properly.
>
>
> Yes, it can, provided you have control of the desktop. If you can install
> your own CA certificates into the browser, then your proxy can issue faked
> certificates for the real site that the browser will happily accept. Most
> sites won't go to the effort, though.
Presumably the proxy has to validate the certificate the real server
presents and only present its own custom certificate to the browser if
it's satisfied. Is this so?
If so I can see why most sites don't bother.
I like it the way it is, at least I *can* get out. If we had proxied
HTTPS I wouldn't be able to.
Regards, Ian
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list