Well, with a small amount of compitency and ssh, you've lost the ability to control any outbound data at the firewall. It can all be tunnelled over ssh. And SSH can be tunneled via most companies' SSL 'proxies.' Mind you, I don't see this as a problem, because thinking your firewall controlled outbound data flow was always silly. Its just becoming sillier and sillier. Note that if you allow inbound ssh, to a workstation, they can use that to proxy just about anything, but if you allow inbound access to any machine where someone who you don't trust has root, they can be a proxy. Adam Roy Stevens wrote: | I have started research into running ssh across the INTERNET. | My preliminary research has shown much promise. | | I would appreciate any feedback on this. | | I am particularly interested in firewall issues, i.e. proxy or IP | forwarding problems. | | Thanks for any correspondence. | | TOBOR | -- Just be thankful that Microsoft does not manufacture pharmaceuticals.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:06 PDT