[Gllug] Re: Reversing an SSH connection

Ian Northeast ian at house-from-hell.demon.co.uk
Thu Oct 27 20:22:12 UTC 2005


Tethys wrote:
> Ian Northeast writes:
> 
> 
>>It's what I do to ssh from work to home. We have 80 "transparently" 
>>proxied but 443 isn't. I too don't believe it can be and still work 
>>properly.
> 
> 
> Yes, it can, provided you have control of the desktop. If you can install
> your own CA certificates into the browser, then your proxy can issue faked
> certificates for the real site that the browser will happily accept. Most
> sites won't go to the effort, though.

Presumably the proxy has to validate the certificate the real server 
presents and only present its own custom certificate to the browser if 
it's satisfied. Is this so?

If so I can see why most sites don't bother.

I like it the way it is, at least I *can* get out. If we had proxied 
HTTPS I wouldn't be able to.

Regards, Ian

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list