Re: OpenSSH-Client without reverse tunnel ability

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi Jan,

I doubt you can control this by inspecting the packets because they are encrypted.

SSH could be modified to recognise a new option in /etc/ssh/ssh_config, but if your users can run a non-standard SSH (i.e. one which doesn't have that restriction), then there's not much you can do.  It'd take a very tight ship to prevent users from running a non-standard SSH.

My first thought was that they might bring in their own device. My second thought was that an SSH client could be written in Javascript, so every web browser is a potential weak point.  My third thought was that writing a tunnel in Javascript is probably easier than writing a complete SSH client, and so every web browser is doubly a weak point.

David
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux