Re: is gitosis secure?


 



On Sun, 14 Dec 2008, Asheesh Laroia wrote:

On Mon, 15 Dec 2008, Nix wrote:

On 14 Dec 2008, Jakub Narebski spake thusly:
BTW. is outgoing SSH transport (from network to outside) blocked as well?

*No* ports are open. All they have is a (non-transparent) buggy HTTP proxy. These guys really don't get the Internet, despite their sales literature banging on endlessly about it.

If that's the only way you can access the network, you can take advantage of the way HTTP proxies deal with HTTPS: they typically let it through byte for byte.

"connect.c is the simple relaying command to make network connection via SOCKS and https proxy. It is mainly intended to be used as proxy command of OpenSSH."

Run sshd on port 443, use connect.c, and you're set.

(Except for some really smart SSL-aware HTTP proxies that verify that it's an SSL connection of some kind. In theory, you could then sslwrap your sshd and then be set.)

although, if the company is doing this as a deliberate security measure (as opposed to not knowing what they are doing), setting up a bypass like this can get you fired for deliberately bypassing a security device.

also, examples of people going to this sort of effort to bypass security policies end up with employees being trusted less.

you are far better off going through channels and discussing what you are trying to do and why.

David Lang
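
The thread mentions proxies that verify a tunnel on port 443 really carries SSL. The following is an added example, not part of the original messages, sketching that first-bytes check from the proxy operator's side; the function name and the sample byte strings are constructed for illustration.

```python
"""Classify the first bytes a client sends through an HTTP CONNECT tunnel."""
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01   # handshake message type: ClientHello
TLS_MAX_RECORD = 16384    # maximum plaintext record length (2**14)


def classify_tunnel_start(data: bytes) -> str:
    """Return 'ssh', 'tls', 'incomplete' or 'other' (hypothetical helper)."""
    # RFC 4253: an SSH peer opens with an identification string "SSH-...".
    if data.startswith(b"SSH-"):
        return "ssh"
    # A record header (5 bytes) plus the handshake type byte are needed.
    if len(data) < 6:
        could_be_tls = data[:1] == bytes([TLS_HANDSHAKE])
        could_be_ssh = b"SSH-".startswith(data)  # also true for empty input
        return "incomplete" if (could_be_tls or could_be_ssh) else "other"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    looks_like_hello = (
        ctype == TLS_HANDSHAKE
        and major == 3 and minor <= 4        # SSL 3.0 through TLS 1.3 records
        and 0 < length <= TLS_MAX_RECORD
        and data[5] == TLS_CLIENT_HELLO
    )
    return "tls" if looks_like_hello else "other"


# Constructed sample inputs, not captured traffic.
SAMPLES = {
    "ssh banner": b"SSH-2.0-OpenSSH_5.1\r\n",
    "tls hello": bytes.fromhex("1603010200010001fc0303"),
    "plain http": b"GET / HTTP/1.1\r\n",
    "partial read": b"\x16\x03",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:12} -> {classify_tunnel_start(payload)}")
```

This only inspects the opening bytes, so, as the message above points out, an SSH session wrapped in SSL would still be classified as `tls`.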
