SSL wrapping or SSH tunnelling? Which is more secure?

Mark Blackman mark at blackmans.org
Tue Aug 20 11:27:11 BST 2002


this can be pretty straightforward with an entry in /etc/ttys (BSD)
or /etc/inittab (SYSV).

i.e. for FreeBSD (/etc/ttys)  lines of the form...

daemon1 "/bin/sh -c 'sleep 10; sleep 15;'" unknown on  
daemon2 "/bin/sh -c 'sleep 20; sleep 25;'" unknown on  

work nicely.

the first column needs to be unique but arbitrary in the file and the
/bin/sh indirection is required to use multiple programs in
sequence.

- Mark

> Making the tunnel stay up is actually quite tricky unless one resorts
> to something like daemontools to recognise that the tunnel has gone
> down and restart it when necessary. It gets even more convoluted when
> one uses a chain of SSH port forwarders for traversing a firewall sandwich.
> 
> One possible solution to the problem I've been mulling over is writing
> an SSH subsystem for doing general IP tunneling over SSH.
> 
> BMS
> 
> On Tue, Aug 20, 2002 at 10:55:08AM +0100, Pete French wrote:
> > Ou of interest, how do you do the ssh forwarding ? I've not yet found the
> > magic combination of arguments to let me set up a permentnet tunnel without
> > something running on the far end. At the moment thats a shell script which
> > sleeps 10 minutes and then dies. Any alternative suggestions ?
> 
> ------ FreeBSD UK Users' Group  -  Mailing List ------
> http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users




More information about the Ukfreebsd mailing list