Bob La Quey wrote: > On Thu, Aug 21, 2008 at 1:13 PM, SJS <[EMAIL PROTECTED]> wrote: >> begin quoting Bob La Quey as of Thu, Aug 21, 2008 at 12:26:54PM -0700: >>> My problem: I want to use ssh to get at my remote server but I am >>> behind a firewall that I have no control over. It does allow normal >>> http service (tcp80) >>> >>> One possible solution: >>> http://dag.wieers.com/howto/ssh-http-tunneling/ >>> >>> Anyone else have this problem? >> Not in a long time, and even then, running sshd on port 443 worked. > > I do not know much about ssh. I am running a client application from > my laptop. Does that mean I > >>> Solutions? >> SSH over HTTP is an interesting concept, but the underlying premise >> I have a problem with... >> >> WHY did the network security folks (or whoever arranged things so that >> you'd be behind a firewall) nail down the firewall like that? What are >> the security threats that they are concerned with, and are your actions >> in subverting it in violation of the TOS/regulations/rules/contract? >> >> It's almost always better to approach the network security folks and >> ask for an exemption, after demonstrating that you are not an idiot >> liable to wreak havoc upon the network. Then end result of this sort >> of restriction will be the white-listing of "acceptable servers", and >> that would just suck. > > I am traveling. I use public libraries and Internet cafes. Mostly it just > works, > but sometimes like today, public library branch in Pine Valley I > cannot use ssh directly. > > Nice surroundings though.
The sdpl seems to have fairly innocuous constraints http://www.sandiego.gov/public-library/searching-the-net/wirelessaccess.shtml http://www.sandiego.gov/public-library/searching-the-net/access.shtml but I can see that some wifi providers may close all-but http & htttps. I wonder if our road warrier population might report back from their own experience what fraction of public wifi allows ssh. For your case blq, do you have a server somewhere that is not now running http (or https)? That would be the easiest solution -- just setup sshd on that server to (also) listen on port 80 (or 443). Hmmm, might this be a reasonable project on an (eg) openwrt router running at home. Might need dynamic dns to keep track of it's ip, I suppose. Regards, ..jim -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
