Re: SSH over websockets

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 29 Jan 2015 21:53, "Ángel González" <keisial@xxxxxxxxx> wrote:
>
> On 29/01/15 21:15, Alex Bligh wrote:
>>
>> Be frightened:
>>
https://chrome.google.com/webstore/detail/secure-shell/pnhechapfaindjhompbnflcldabbghjo?hl=en
>>
> That's a ssh client implemented in chromium, not a web server acting as
sshd. However…
> «Secure Shell also knows how to connect to an HTTP-to-ssh relay that was
built inside Google.  Unfortunately
> that relay isn't open source, and Google
doesn't maintain a public pool of relays»
> --
http://git.chromium.org/gitweb/?p=chromiumos/platform/assets.git;a=blob;f=chromeapps/nassh/doc/faq.txt
>
>
>
>
> Phil wrote:
>>
>> My main motivation is that it is generally easier to route HTTP across
>> multiple corporate firewalls than getting ports opened for ssh (even if
it
>> is an embedded sshd such as in gerrit rather than an actual shell).
>
> It will depend on how picky the firewalls are. You may prefer to embed it
into a https stream,
> such as using a proxy command of socat - openssl-connect:%h:%p
>
That's certainly worth considering. However, my focus when posting was more
motivated by defining a standard for ssh - over - web sockets, such as
ws://host/path, along with a standard (as opposed to proxy command)
implementation.

I think in intranet environments tunneling over HTTP is good so that
firewalls can inspect session setup/endpoints; in public environments I'd
go for HTTPS to prevent precisely that.

So, would a patch to the client to support hostnames as ws:// or wss:// be
a welcome addition? If so, should a reference server be included too, given
that I would be doing this as an apache module?

Phil
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev





[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux