Gabriel Gunderson wrote:
On Wed, 2007-01-10 at 10:47 -0700, Dave Long wrote:
This situation where the user is ssh'ing to an outside box (from
inside the network) to a box presumably with squid is what I am trying
to determine. I do not want to be an evil admin and block all ssh
access.
Sounds like the bigger problem is a trust issue. There are many ways
*technically* to approach the situation (some clearly better then
others), but maybe management should be made aware of her behavior and
they can handle it based on an established code of conduct. You can
then do what you (presumably) love - work on technical issues. I know
when I adopted this approach, it made my job much more pleasant.
Besides, who wants to work with people they can't trust? :)
I had the same thought, and I'll add that I'm one of those people who
are tunneling to a private Squid server. I do that not because I want
to misbehave, but because our filtering proxy blocks innocent Internet
access quite often (for example, Subversion, IRC, and the entire Google
cache) and I need them to do my job. Coordinate with the people running
private tunnels and with management.
Ideally, IMHO, you should provide unfiltered Internet access to those
who need it (presuming they are also trustworthy), so that they don't
have to waste their time setting up tunnels.
Shane
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
