Harald Milz <[EMAIL PROTECTED]> writes:
>
> Kevin Buhr <[EMAIL PROTECTED]> wrote:
>
> > In short, the following should do the trick:
>
> > ssh -f -L 2323:localhost:23 remotehost sleep 60
> > telnet localhost 2323
>
> Nay, you mean ssh -f -L 2323:remotehost:23 remotehost sleep 60
> Otherwise you connect to yourself. Nice trick though ;-)
No, I really meant what I wrote, though both versions work (and both
should be equally secure in normal cases).
The second subparameter of the "-L" option ("localhost" in my example
and "remotehost" in yours) is interpreted by the remote host, not the
local host. If the remote host is appropriately configured,
"localhost" and "remotehost" should be securely resolved (via the
"/etc/hosts" file, for example) to 127.0.0.1 and x.x.x.x respectively,
where x.x.x.x is the local IP address of one of "remotehost"'s
enabled, non-loopback network interfaces. In this situation,
connections to either IP address should be secure.
If hostnames aren't securely resolved (for example, if the
"/etc/hosts" file is corrupt and all hostname resolution goes through
DNS), we might have a serious problem on our hands in both cases.
Perhaps "ssh -f -L 2323:127.0.0.1:23 ..." is a safer solution.
Kevin <[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
