httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] Remote shell access via Apache
Date Fri, 28 Jan 2011 20:10:15 GMT
On 1/28/2011 2:03 PM, Sean Conner wrote:
> It was thus said that the Great William A. Rowe Jr. once stated:
>> On 1/28/2011 7:51 AM, Rich Bowen wrote:
>>>
>>> On Jan 28, 2011, at 8:44 AM, Skye Sweeney wrote:
>>>
>>>> Question: Is it possible to configure Apache and/or other components to
>>>> allow a client to have a simple "bash shell" into the computer running
>>>> Apache? I do not need X11 or any other graphic interfaces, just a good
>>>> old shell and even that could be limited. Now before people freak out
>>>> about security, it should be known that my firewall only allows
>>>> connections from very specific MAC addresses. As long as I do not
>>>> publish those, I consider my home Linux server very safe.
>>>>  
>>> Yes, it's possible, but it's the wrong solution. The right solution is
>>> ssh. I hear you saying that your company forbids ssh, but I think that
>>> once you understand the risks of doing what you're talking about here,
>>> you'll be able to communicate to your firewall admin that ssh is *BY
>>> FAR* more secure than any other remote shell options available. This is
>>> why so many commercial firewalls come with ports 80, 443, and 22 open by
>>> default.
>>
>> Set up your ssh responder on 443, it will look to the powers-that-be
>> and to your network proxy server as a tunneled https:// connection.
>>
>> Not sure how to have ssh client follow-the-tunnel offhand, but it can't
>> be impossible
> 
>   % ssh -p 443 ...
> 
>   I've set this up after I found myself stuck behind a particularly nasty
> network that only allowed outgoing TCP traffic on ports 80 and 443.  

But if direct https: is blocked?  How to use the http proxy CONNECT via ssh?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message