Doh! Sorry... I missed the important bit in your opening paragraph:
> (behind a firewall/https proxy), and have no telnet /
> > ssh access...
so my reply makes no sense whatsoever... However, depending on your
proxy setup, you may get away with simply running the ssh daemon on port
80/443...
Adam Laurie wrote:
>
> Hmmm... As far as I can see, what you describe is simply SSH with no
> authentication - to do this, install SSH, allow passworded connections
> instead of keys (the default setup), and create a user with no password.
> For security, you could tcpwrap and/or use SSH's AllowHosts/DenyHosts
> directives. End to end pipes are achieved via SSH's forwarding
> mechanism, and tricky ones (like FTP) can be done by forwarding SOCKS. I
> personally wouldn't allow this setup anywhere near my hemisphere, let
> alone network, but it's your own kit your playing with (I hope!)... :)
>
> cheers,
> Adam
>
> Jan Vicherek wrote:
> >
> > Hello,
> >
> > I am looking for any input for the following problem:
> >
> > I'm at work, (maybe behind a firewall/https proxy), and have no telnet /
> > ssh access to a particular machine on the outside (Internet) on which I
> > have RedHat 5.0. I have full control over the RH5 box, I can put any
> > software on it and do whatever I want with it.
> >
> > I would like to get any of the following abilities, and I thought that
> > you guys could give me some good advice :
> >
> > Ideally, I would like to get a permanent, character-oriented pipe (to
> > the style of ssh, but without authorization / authentication schemes, nor
> > private / public key). That way I could do with the pipe anyting I wanted
> > to, e.g. run a /bin/bash or telnetd through it or attach PPP deamon to
> > each end to create a VPN ( Virtual Private Network ). ( I understand that
> > it could be terribly slow, but speed is not an issue, accessibility is. )
> >
> > If there would be no way to get a character - oriented pipe, I would
> > imagine second best would be a way to run a shell commands or something on
> > the other end somehow. I.e. I would use a browser at work, with a CGI
> > script on my RH5 machine. Browser would allow me to type shell commands
> > into an input field and the CGI script would accept them and would send
> > back plain ascii, 80x25 formatted screen. (I.e. it would be possible to
> > run "top" through it, and it would send and update every few seconds. ) Or
> > if I was not to use a browser, but just a simple ssl application, is there
> > a way to get it to communicate with the other end in a browser-like way,
> > that is, go through an https proxy ?
> >
> > To summarize. Im inside. I want to get outside through https (it might
> > be proxied). I can setup any hw/sw inside, and I have this RH5 intel box
> > outside, on which I can setup any sw. (security of the box is not of that
> > much concern.)
> >
> > What would be the suggestions ?
> >
> > Thanx,
> >
> > Jan
> >
> > PS : if the connection is proxied through a firewall, the traffic from
> > browser to the proxy server is in cleartext, right ?
> >
> > -- Gospel of Jesus is the saving power of God for all who believe --
> > Jan Vicherek ## To some, nothing is impossible. ## www.ied.com/~honza
> > >>> Free Software Union President ... www.fslu.org <<<
> > Interactive Electronic Design Inc. -#- PGP: finger honza@ied.com
>
> --
> Adam Laurie Tel: +44 (181) 742 0755
> A.L. Digital Ltd. Fax: +44 (181) 742 5995
> Voysey House
> Barley Mow Passage http://www.aldigital.co.uk
> London W4 4GB mailto:adam@algroup.co.uk
> UNITED KINGDOM PGP key on keyservers
--
Adam Laurie Tel: +44 (181) 742 0755
A.L. Digital Ltd. Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage http://www.aldigital.co.uk
London W4 4GB mailto:adam@algroup.co.uk
UNITED KINGDOM PGP key on keyservers