block ssh tunnels

#1
08-24-2008, 08:54 AM
block ssh tunnels

Hello

I've some proxy that is configured to accept only 80 and 443 destination
ports. But either that user can find shell account on 80 or 443 port and
tunnel through this proxy to all internet. Is it possible to prevent that
kind of actions that user can work only with http[s] sites without
tunnels?



--
\!/ Kadu: #2940543
( @ @ ) mailto:dimmur-(at)-z-pl
oOO-(_)-OOo Registered Linux user: #277278
D.I.M.M.U.R.: Digital Intelligent Machine Manufactured for Ultimate Repair
#2
08-24-2008, 10:30 AM
Re: block ssh tunnels

On Aug 24, 5:54 am, DimmuR wrote:

> I've some proxy that is configured to accept only 80 and 443 destination
> ports. But either that user can find shell account on 80 or 443 port and
> tunnel through this proxy to all internet. Is it possible to prevent that
> kind of actions that user can work only with http[s] sites without
> tunnels?


This is a human problem, not a technical problem. Review the logs and
appropriately punish those who break the rules.

DS
#3
08-24-2008, 10:38 AM
Re: block ssh tunnels

DimmuR wrote:
> Hello
>
> I've some proxy that is configured to accept only 80 and 443 destination
> ports. But either that user can find shell account on 80 or 443 port and
> tunnel through this proxy to all internet. Is it possible to prevent that
> kind of actions that user can work only with http[s] sites without
> tunnels?


SSH tunneling can be blocked, but there are tunneling
methods using HTTP as the low-level transport. Have a
look at e.g. corkscrew (you can Google for it).

As soon as you open *any* connection to the Internet,
you also open a way to transport clandestine tunneling.

Would you please care to tell why?

--

Tauno Voipio
tauno voipio (at) iki fi

#4
08-24-2008, 11:15 AM
Re: block ssh tunnels

On Sun, 24 Aug 2008 12:54:05 +0000 (UTC), DimmuR wrote:
>Hello


>I've some proxy that is configured to accept only 80 and 443 destination
>ports. But either that user can find shell account on 80 or 443 port and
>tunnel through this proxy to all internet. Is it possible to prevent that
>kind of actions that user can work only with http[s] sites without
>tunnels?


RTFM, specifically sshd.conf



#5
08-26-2008, 12:49 PM
Re: block ssh tunnels

On Sun, 24 Aug 2008 12:54:05 +0000, DimmuR wrote:
> I've some proxy that is configured to accept only 80 and 443 destination
> ports. But either that user can find shell account on 80 or 443 port and
> tunnel through this proxy to all internet. Is it possible to prevent
> that kind of actions that user can work only with http[s] sites without
> tunnels?


Deny all sites and only allow those sites you trust.

Wkr,
Sven Vermeulen
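An added example, not part of any post in this thread: a log review pass that combines the two suggestions above, reading proxy logs and checking CONNECT destinations against a list of trusted sites. It assumes the proxy writes Squid's native access.log layout (the thread does not name the proxy); the allowlist, the 10-minute threshold and the sample lines are constructed for illustration.

```python
import ipaddress

# Assumed policy values for this example, not from the thread.
ALLOWED_SUFFIXES = ("example.org", "updates.example.net")
LONG_SESSION_MS = 10 * 60 * 1000  # one CONNECT held open longer than 10 minutes

# Constructed sample lines in Squid's native access.log layout:
# time elapsed_ms client code/status bytes method target user hierarchy type
SAMPLE_LOG = """\
1219582445.101    842 10.0.0.21 TCP_MISS/200 18422 GET http://www.example.org/index.html - DIRECT/192.0.2.10 text/html
1219582501.332   5210 10.0.0.21 TCP_MISS/200 40311 CONNECT www.example.org:443 - DIRECT/192.0.2.10 -
1219586160.870 3605122 10.0.0.37 TCP_MISS/200 912044 CONNECT 198.51.100.7:443 - DIRECT/198.51.100.7 -
1219586411.004 1298455 10.0.0.37 TCP_MISS/200 75120 CONNECT shell.example.com:443 - DIRECT/203.0.113.5 -
1219586500.200     12 10.0.0.44 TCP_DENIED/403 1500 CONNECT shell.example.com:22 - NONE/- text/html
"""

def is_allowed(host):
    # Match the exact domain or a true subdomain, never a bare string suffix.
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))  # brackets wrap IPv6 literals
        return True
    except ValueError:
        return False

def review(log_text):
    """Return (client, target, reasons) for each permitted CONNECT worth a look."""
    findings = []
    for line in log_text.splitlines():
        f = line.split()
        # Only tunnels the proxy actually allowed; denied requests went nowhere.
        if len(f) < 7 or f[5] != "CONNECT" or f[3].startswith("TCP_DENIED"):
            continue
        host, _, _port = f[6].rpartition(":")
        reasons = []
        if not is_allowed(host):
            reasons.append("destination not on allowlist")
        if is_ip_literal(host):
            reasons.append("IP literal instead of hostname")
        if int(f[1]) > LONG_SESSION_MS:
            reasons.append("long-lived tunnel")
        if reasons:
            findings.append((f[2], f[6], reasons))
    return findings

if __name__ == "__main__":
    for client, target, reasons in review(SAMPLE_LOG):
        print(client, target, "; ".join(reasons))
```

A tunnel carried over ordinary HTTP requests to an allowlisted host would not appear in this output, which is the limit post #3 describes.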