Re: (sslh) VPN over SSH: State of the art?


 



On 1/4/2019 3:20 AM, Thomas Güttler wrote:
Yes, that's not what I had in mind. But why not? I think it is a valid solution.

I am a bit afraid: If setting it up fails, we lose control over our remote machines, since ssh is the only permanent connection we have.

sslh sounds like a lovely and simple solution to the problem. I've so far dodged this bullet by phasing out http (80) on most of my hosts, which has provided a "sneaky" UDP/TCP port 80 option for clients behind overly restrictive firewalls needing to connect to my VPN endpoint.

I used to be able to "sacrifice" telnet (23), but the restrictive firewalls that block destinations by port # tend to include that one as well. Even ftp (20:21) seems to be on the chopping block.

------------

Why not run a backup sshd to listen on a different port to allow access if your main 0.0.0.0:22 connection no longer works?

/usr/sbin/sshd -q -p 22222 (or whatever other port you can use to connect to the host in question)

Good luck!

=M=
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
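
The fallback suggested in the message above, as an added example that is not part of the original post: start the backup sshd on the alternate port and confirm it is really listening before the main port 22 setup is changed. The function names, the PidFile path and the sample `ss` lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: bring up a fallback sshd and verify the listener exists
# before reconfiguring the main 0.0.0.0:22 service (for instance for sslh).

# Constructed sample of `ss -H -ltn` style output, used only for offline checks.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22222 [::]:*
ESTAB 0 0 192.0.2.10:443 198.51.100.7:51514'

# Reads `ss -H -ltn` output on stdin; returns 0 if a TCP listener is bound
# to port $1 on any address (IPv4, IPv6 or wildcard), 1 otherwise.
port_listening() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")      # port is the last ":" field
            if (part[n] == port) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Starts the backup daemon on port $1 (root required). The PidFile path is an
# assumption; it keeps the backup instance from overwriting the main pid file.
start_backup_sshd() {
    port="$1"
    /usr/sbin/sshd -t || return 1         # refuse to start on a broken config
    /usr/sbin/sshd -q -p "$port" \
        -o "PidFile=/run/sshd-backup-$port.pid" || return 1
    sleep 1
    ss -H -ltn | port_listening "$port"   # succeed only if the socket is up
}

# Typical use on the remote host, before touching port 22:
#   start_backup_sshd 22222 && echo "fallback sshd is listening on 22222"
```

Log in through the alternate port from a second session before restarting anything on port 22, since a listening socket alone does not prove that a firewall in between lets the connection through.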



