[unisog] Authenticated Proxy access

Eric Pancer epancer at security.depaul.edu
Wed May 5 08:36:25 GMT 2004


Christian Wilson wrote on Wed, 2004-05-05 at 17:23:22 +1000...

> We were trying to run an instance of stunnel on the client machines and
> on our proxy server to do encrypted authenticated proxy access against a
> squid proxy server and that worked for smallish (1000 or thereabouts)
> clients.
> 
> At the moment we are migrating to www.permeo.com - permeo socks proxy which
> uses SSL for authentication, and allows more access to the world than just
> boring http and ftp :)


For those that haven't been keeping up with OpenSSH, a new feature
slipped in within the past few releases.

...from man 5 ssh_config...

DynamicForward
    Specifies that a TCP/IP port on the local machine be forwarded
    over the secure channel, and the application protocol is then
    used to determine where to connect to from the remote machine.
    The argument must be a port number.  Currently the SOCKS4 and
    SOCKS5 protocols are supported, and ssh will act as a SOCKS
    server.  Multiple forwardings may be specified, and additional
    forwardings can be given on the command line.  Only the superuser
    can forward privileged ports.

This is quite nice actually; to use it..

$ ssh -D 3128 safe.shell.example.edu

And configure your proxy-aware applications to use the tunnel
bound to the local interface.

I've managed to use this in a pinch twice now; it's good when you're
on a wireless LAN, etc.

-- 
Eric Pancer     Computer Security Response Team     DePaul University
http://security.depaul.edu/               epancer at security.depaul.edu 
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3
                                                                 :wq!
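
Added example, not part of the original message: a check that the SOCKS port opened by `ssh -D` is bound only to the local interface, as the post describes, and is not reachable from other hosts on the network. It assumes a current OpenSSH in which `-D` accepts `bind_address:port` and a Linux client with `ss`; the function name and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Tunnel as in the post, pinned to loopback (needs an OpenSSH
# whose -D accepts bind_address:port):
#   ssh -N -D 127.0.0.1:3128 safe.shell.example.edu
# Live check on Linux:
#   ss -ltn | classify_socks_listener 3128

# Reads `ss -ltn` output on stdin; prints loopback, exposed or absent.
classify_socks_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)        # last colon splits host and port
            if (!n || substr($4, n + 1) != port) next
            found = 1
            host = substr($4, 1, n - 1)
            # Anything other than 127.x or ::1 is reachable from the network.
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END {
            if (!found) print "absent"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Constructed sample listings (not captured from a real host).
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:3128     0.0.0.0:*
LISTEN 0      128    [::1]:3128         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:3128       0.0.0.0:*
LISTEN 0      128    [::]:3128          [::]:*'

SAMPLE_ABSENT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

for name in LOOPBACK EXPOSED ABSENT; do
    eval "data=\$SAMPLE_$name"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$data" | classify_socks_listener 3128)"
done
```

An "exposed" result means any host that can reach the client can relay traffic through the tunnel into the remote network; "absent" usually means the forward failed to bind.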


