This is in response to:
"There is another option if you don't have any issue to allow a certain public 
IP address access to your network you can use some kind of portal which will 
allow based on a SSL(even with self signed certificate) the "session" access to 
the service."
I didn't receive the email so I couldn't reply directly.
I'm pretty happy with digest auth as I think that is likely secure enough. The 
proxy is working, mostly. However, I'm having trouble with two things:
1. I'm not able to figure out what goes into squid.conf to allow SSH through 
proxy.  My SSH server is on a non-standard port above 1024, and as I 
understand, squid.conf has to account for this.  I have references to 
(ssh_port) and have the CONNECT method enabled (I believe) but I'm not sure if 
this is correct.  I'm certainly not able to SSH through it:

auth_param digest program /usr/lib/squid/digest_file_auth -c /etc/squid/passwd
auth_param digest realm the_zone
auth_param digest children 2
acl auth_users proxy_auth REQUIRED
acl SSL_ports port (ssh_port)
acl Safe_ports port (ssh_port)
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow auth_users
http_access allow all
http_port (proxy_port)
cache deny all
access_log none



2. I am no longer able to start squid in Ubuntu by using "service squid start". 
This used to work, but it gives no error; it appears to immediately execute, 
but it's not running as a process. However, if I run "squid -N -d 1 -D", it 
runs with no complaints.
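As an added example, not the poster's configuration and not from the Squid project, here is a minimal squid.conf for the setup described above: digest authentication, CONNECT tunnels permitted only to 443 and the SSH listener, authenticated clients only, and a final default deny in place of "allow all" so that nothing reaches the proxy unauthenticated. The SSH port 2222, the listening port 3128 and the file paths are constructed placeholders.

```conf
# Constructed example: adjust the placeholder ports and paths to your own setup.
# Digest authentication: the password itself never crosses the wire in clear text.
auth_param digest program /usr/lib/squid/digest_file_auth -c /etc/squid/passwd
auth_param digest realm the_zone
auth_param digest children 2
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
acl auth_users proxy_auth REQUIRED

# Ports a CONNECT tunnel may target: HTTPS plus the SSH listener (2222 is a placeholder).
acl SSL_ports port 443
acl SSL_ports port 2222

# Ports any request may target. Every SSL_ports entry must also appear here,
# otherwise "deny !Safe_ports" rejects the CONNECT before the SSL_ports check runs.
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 2222
acl CONNECT method CONNECT

# http_access rules are evaluated top to bottom; the first match wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow auth_users
# Default deny: anything that did not authenticate above is refused.
http_access deny all

http_port 3128
cache deny all
# Keep the access log so refused and tunnelled CONNECT requests can be reviewed.
access_log /var/log/squid/access.log squid
```

The SSH client does not speak HTTP itself, so it still needs a ProxyCommand helper that issues the CONNECT request and presents the digest credentials; the proxy side above only decides which tunnels are accepted.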



      From: Eliezer Croitoru <elie...@ngtech.co.il>
 To: 'j m' <acctforj...@yahoo.com>; squid-users@lists.squid-cache.org 
 Sent: Monday, May 1, 2017 3:30 PM
 Subject: RE: [squid-users] Tutorial for better authentication than basic
   
And what about digest authentication?

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of j m
Sent: Monday, May 1, 2017 4:18 PM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Tutorial for better authentication than basic

I'm using Ubuntu 16.04 Server in the home and would like to set up a proxy 
server for use from over the Internet.  The main purpose for this is to easily 
access a few web-devices on my LAN without using VPN, and at times to route web 
traffic from a remote location through my home ISP.  I do not need nor want any 
caching or filtering.

I previously used Tinyproxy and that did the job, but it had no authentication 
whatsoever.  I have basic authentication working on squid 3.5, where it asks 
for the username and password, but I believe this login is sent in clear text.  
I did some research and found squid supports various better methods, such as 
kerberos, ntlm, smb, etc.  However, while I'm able to install Linux and set up 
various things, I'm struggling with this authentication aspect.  I have a 
suspicion some of these methods will not work well because they rely on other 
services (such as SMB) and may require opening more ports on my router, 
something I'm not crazy about.

Amos previously suggested client cert auth, but I'm not sure how to set this 
up.  Are there any other secure auth methods that would work well over the 
Internet and are fairly simple to configure?

In any case, can anyone point me to an online tutorial somewhere (for an 
authentication newbie) that outlines how this is done?


   
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
