On 29 Jan 2015 21:53, "Ángel González" <keisial@xxxxxxxxx> wrote:
>
> On 29/01/15 21:15, Alex Bligh wrote:
>>
>> Be frightened:
>> https://chrome.google.com/webstore/detail/secure-shell/pnhechapfaindjhompbnflcldabbghjo?hl=en
>>
> That's a ssh client implemented in chromium, not a web server acting as sshd. However…
> «Secure Shell also knows how to connect to an HTTP-to-ssh relay that was built inside Google. Unfortunately
> that relay isn't open source, and Google doesn't maintain a public pool of relays»
> -- http://git.chromium.org/gitweb/?p=chromiumos/platform/assets.git;a=blob;f=chromeapps/nassh/doc/faq.txt
>
> Phil wrote:
>>
>> My main motivation is that it is generally easier to route HTTP across
>> multiple corporate firewalls than getting ports opened for ssh (even if it
>> is an embedded sshd such as in gerrit rather than an actual shell).
>
> It will depend on how picky the firewalls are. You may prefer to embed it into a https stream,
> such as using a proxy command of socat - openssl-connect:%h:%p
>

That's certainly worth considering. However, my focus when posting was more motivated by defining a standard for ssh - over - web sockets, such as ws://host/path, along with a standard (as opposed to proxy command) implementation.

I think in intranet environments tunneling over HTTP is good so that firewalls can inspect session setup/endpoints; in public environments I'd go for HTTPS to prevent precisely that.

So, would a patch to the client to support hostnames as ws:// or wss:// be a welcome addition? If so, should a reference server be included too, given that I would be doing this as an apache module?

Phil
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev