Hmmm... As far as I can see, what you describe is simply SSH with no
authentication - to do this, install SSH, allow passworded connections
instead of keys (the default setup), and create a user with no password.
For security, you could tcpwrap and/or use SSH's AllowHosts/DenyHosts
directives. End to end pipes are achieved via SSH's forwarding
mechanism, and tricky ones (like FTP) can be done by forwarding SOCKS. I
personally wouldn't allow this setup anywhere near my hemisphere, let
alone network, but it's your own kit your playing with (I hope!)... :)
cheers,
Adam
Jan Vicherek wrote:
>
> Hello,
>
> I am looking for any input for the following problem:
>
> I'm at work, (maybe behind a firewall/https proxy), and have no telnet /
> ssh access to a particular machine on the outside (Internet) on which I
> have RedHat 5.0. I have full control over the RH5 box, I can put any
> software on it and do whatever I want with it.
>
> I would like to get any of the following abilities, and I thought that
> you guys could give me some good advice :
>
> Ideally, I would like to get a permanent, character-oriented pipe (to
> the style of ssh, but without authorization / authentication schemes, nor
> private / public key). That way I could do with the pipe anyting I wanted
> to, e.g. run a /bin/bash or telnetd through it or attach PPP deamon to
> each end to create a VPN ( Virtual Private Network ). ( I understand that
> it could be terribly slow, but speed is not an issue, accessibility is. )
>
> If there would be no way to get a character - oriented pipe, I would
> imagine second best would be a way to run a shell commands or something on
> the other end somehow. I.e. I would use a browser at work, with a CGI
> script on my RH5 machine. Browser would allow me to type shell commands
> into an input field and the CGI script would accept them and would send
> back plain ascii, 80x25 formatted screen. (I.e. it would be possible to
> run "top" through it, and it would send and update every few seconds. ) Or
> if I was not to use a browser, but just a simple ssl application, is there
> a way to get it to communicate with the other end in a browser-like way,
> that is, go through an https proxy ?
>
> To summarize. Im inside. I want to get outside through https (it might
> be proxied). I can setup any hw/sw inside, and I have this RH5 intel box
> outside, on which I can setup any sw. (security of the box is not of that
> much concern.)
>
> What would be the suggestions ?
>
> Thanx,
>
> Jan
>
> PS : if the connection is proxied through a firewall, the traffic from
> browser to the proxy server is in cleartext, right ?
>
> -- Gospel of Jesus is the saving power of God for all who believe --
> Jan Vicherek ## To some, nothing is impossible. ## www.ied.com/~honza
> >>> Free Software Union President ... www.fslu.org <<<
> Interactive Electronic Design Inc. -#- PGP: finger honza@ied.com
--
Adam Laurie Tel: +44 (181) 742 0755
A.L. Digital Ltd. Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage http://www.aldigital.co.uk
London W4 4GB mailto:adam@algroup.co.uk
UNITED KINGDOM PGP key on keyservers