[unisog] Authenticated Proxy access
epancer at security.depaul.edu
Wed May 5 08:36:25 GMT 2004
Christian Wilson wrote on Wed, 2004-05-05 at 17:23:22 +1000...
> We were trying to run an instance of stunnel on the client machines and
> on our proxy server to do encrypted authenticated proxy access against a
> squid proxy server and that worked for smallish (1000 or thereabouts)
> At the moment we are migrating to www.permeo.com - permeo socks proxy which
> uses SSL for authentication, and allows more access to the world than just
> boring http and ftp :)
For those that haven't been keeping up with OpenSSH, a new feature
slipped in within the past few releases.
...from man 5 ssh_config...
Specifies that a TCP/IP port on the local machine be forwarded
over the secure channel, and the application protocol is then
used to determine where to connect to from the remote machine.
The argument must be a port number. Currently the SOCKS4 and
SOCKS5 protocols are supported, and ssh will act as a SOCKS server.
Multiple forwardings may be specified, and additional forwardings
can be given on the command line. Only the superuser
can forward privileged ports.
This is quite nice actually; to use it..
$ ssh -D 3128 safe.shell.example.edu
And configure your proxy-aware applications to use the tunnel
bound to the local interface.
I've managed to use this in a pinch twice now; it's good when you're
on a wireless lan, etc.
Eric Pancer Computer Security Response Team DePaul University
http://security.depaul.edu/ epancer at security.depaul.edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3