Re: Remote shell access via Apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 1/28/2011 2:03 PM, Sean Conner wrote:
> It was thus said that the Great William A. Rowe Jr. once stated:
>> On 1/28/2011 7:51 AM, Rich Bowen wrote:
>>>
>>> On Jan 28, 2011, at 8:44 AM, Skye Sweeney wrote:
>>>
>>>> Question: Is it possible to configure Apache and/or other components to
>>>> allow a client to have a simple "bash shell" into the computer running
>>>> Apache? I do not need X11 or any other graphic interfaces, just a good
>>>> old shell and even that could be limited. Now before people freak out
>>>> about security, it should be known that my firewall only allows
>>>> connections from very specific MAC addresses. As long as I do not
>>>> publish those, I consider my home Linux server very safe.
>>>>  
>>> Yes, it's possible, but it's the wrong solution. The right solution is
>>> ssh. I hear you saying that your company forbids ssh, but I think that
>>> once you understand the risks of doing what you're talking about here,
>>> you'll be able to communicate to your firewall admin that ssh is *BY
>>> FAR* more secure than any other remote shell options available. This is
>>> why so many commercial firewalls come with ports 80, 443, and 22 open by
>>> default.
>>
>> Set up your ssh responder on 443, it will look to the powers-that-be
>> and to your network proxy server as a tunneled https:// connection.
>>
>> Not sure how to have ssh client follow-the-tunnel offhand, but it can't
>> be impossible
> 
>   % ssh -p 443 ...
> 
>   I've set this up after I found myself stuck behind a particularly nasty
> network that only allowed outgoing TCP traffic on ports 80 and 443.  

But if direct https: is blocked?  How to use the http proxy CONNECT via ssh?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux