On Sun, 14 Dec 2008, Asheesh Laroia wrote:
On Mon, 15 Dec 2008, Nix wrote:
On 14 Dec 2008, Jakub Narebski spake thusly:
BTW. is outgoing SSH transport (from network to outside) blocked as well?
*No* ports are open. All they have is a (non-transparent) buggy HTTP proxy.
These guys really don't get the Internet, despite their sales literature
banging on endlessly about it.
If that's the only way you can access the network, you can take advantage of
the way HTTP proxies deal with HTTPS: they typically let it through byte for
byte.
"connect.c is the simple relaying command to make network connection via
SOCKS and https proxy. It is mainly intended to be used as proxy command of
OpenSSH."
Run sshd on port 443, use connect.c, and you're set.
(Except for some really smart SSL-aware HTTP proxies that verify that it's an
SSL connection of some kind. In theory, you could then sslwrap your sshd and
then be set.)
although, if the company is doing this as a deliberate security measure
(as opposed to not knowing what they are doing), setting up a bypass like
this can get you fired for deliberatly bypassing a security device.
also, examples of people going to this sort of effort to bypass security
policies end up with employees being trusted less.
you are far better off going through channels and discussing what you are
trying to do and why.
David Lang
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
