httpd-users mailing list archives

From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] Remote shell access via Apache
Date Fri, 28 Jan 2011 19:55:52 GMT
On 1/28/2011 7:51 AM, Rich Bowen wrote:
> 
> On Jan 28, 2011, at 8:44 AM, Skye Sweeney wrote:
> 
>> I have now been monitoring this distribution list for a month and now feel like I can ask my question...
>>  
>> Recently my company has put a filter in their firewall to prevent any access to any outside computer over SSH or FTP. This has broken my ability to access my home computer to do such things as powering it off during thunderstorms. Only a very few ports are open on the firewall. These include port 80.
>>  
>> Question: Is it possible to configure Apache and/or other components to allow a client to have a simple "bash shell" into the computer running Apache? I do not need X11 or any other graphic interfaces, just a good old shell and even that could be limited. Now before people freak out about security, it should be known that my firewall only allows connections from very specific MAC addresses. As long as I do not publish those, I consider my home Linux server very safe.
>>  
>> I have tried to Google the answer, but I have not found the right key words to home in on a solution. I would be happy with just a few product or keyword names to help my search or an indication that I am barking up the wrong tree!
> 
> Yes, it's possible, but it's the wrong solution. The right solution is ssh. I hear you saying that your company forbids ssh, but I think that once you understand the risks of doing what you're talking about here, you'll be able to communicate to your firewall admin that ssh is *BY FAR* more secure than any other remote shell options available. This is why so many commercial firewalls come with ports 80, 443, and 22 open by default.
> 
> I would strenuously encourage you to have a long talk with your network guy about security, and if he/she doesn't understand the issues, have a talk with his/her boss about his/her lack of credentials. This isn't a difficult issue - it's pretty fundamental to network security.

Set up your ssh responder on 443; it will look to the powers-that-be
and to your network proxy server as a tunneled https:// connection.

Not sure how to have ssh client follow-the-tunnel offhand, but it can't
be impossible.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
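
Added example, not part of the original message or of any Apache project code: a firewall or proxy administrator can tell SSH on port 443 from real HTTPS by the first bytes each side sends, since SSH opens with a cleartext identification string (RFC 4253) and TLS opens with a handshake record. The function names and the sample payloads below are constructed for illustration.

```python
import struct

def classify_first_bytes(payload: bytes) -> str:
    """Classify the first bytes one peer sends on a TCP connection."""
    # TLS record header: content type (1), version (2), length (2).
    # A genuine HTTPS session starts with a handshake record (0x16)
    # carrying a ClientHello (1) or ServerHello (2).
    if len(payload) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if (ctype == 0x16 and major == 0x03 and minor <= 0x04
                and 0 < length <= 16384 and payload[5] in (1, 2)):
            return "tls"
    # SSH identification string: "SSH-protoversion-softwareversion" CR LF.
    # A server may send other text lines before it, so check each line.
    for line in payload[:1024].split(b"\n"):
        if line.startswith(b"SSH-"):
            parts = line.rstrip(b"\r").split(b"-", 2)
            if len(parts) == 3 and parts[1] in (b"2.0", b"1.99"):
                return "ssh"
    return "unknown"

def flag_non_tls_on_443(flows):
    """Return (flow_id, verdict) for port-443 flows that are not TLS.

    `flows` is an iterable of (flow_id, dst_port, first_payload) tuples,
    a hypothetical shape for records exported by a capture tool.
    """
    return [(fid, classify_first_bytes(data))
            for fid, port, data in flows
            if port == 443 and classify_first_bytes(data) != "tls"]

# Constructed sample payloads (not captured traffic).
SAMPLE_FLOWS = [
    ("f1", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + b"\x00" * 32),
    ("f2", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("f3", 443, b"Welcome to example host\r\nSSH-2.0-Example_1.0\r\n"),
    ("f4", 80, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    ("f5", 443, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
]

if __name__ == "__main__":
    for flow_id, verdict in flag_non_tls_on_443(SAMPLE_FLOWS):
        print(flow_id, verdict)
```

This check only applies where the inspecting device sees the raw stream; SSH wrapped inside a real TLS session would classify as "tls" here.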

