SSL wrapping or SSH tunnelling? Which is more secure?

Mark Blackman mark at blackmans.org
Tue Aug 20 11:34:49 BST 2002


must use 'kill -HUP 1' to get this file re-read BTW.

> this can be pretty straightforward with an entry in /etc/ttys (BSD)
> or /etc/inittab (SYSV).
> 
> i.e. for FreeBSD (/etc/ttys)  lines of the form...
> 
> daemon1 "/bin/sh -c 'sleep 10; sleep 15;'" unknown on  
> daemon2 "/bin/sh -c 'sleep 20; sleep 25;'" unknown on  
> 
> work nicely.
> 
> the first column needs to be unique but arbitrary in the file and the
> /bin/sh indirection is required to use multiple programs in
> sequence.
> 
> - Mark
> 
> > Making the tunnel stay up is actually quite tricky unless one resorts
> > to something like daemontools to recognise that the tunnel has gone
> > down and restart it when necessary. It gets even more convoluted when
> > one uses a chain of SSH port forwarders for traversing a firewall sandwich.
> > 
> > One possible solution to the problem I've been mulling over is writing
> > an SSH subsystem for doing general IP tunneling over SSH.
> > 
> > BMS
> > 
> > On Tue, Aug 20, 2002 at 10:55:08AM +0100, Pete French wrote:
> > > Out of interest, how do you do the ssh forwarding? I've not yet found the
> > > magic combination of arguments to let me set up a permanent tunnel without
> > > something running on the far end. At the moment that's a shell script which
> > > sleeps 10 minutes and then dies. Any alternative suggestions?
> > 
> > ------ FreeBSD UK Users' Group  -  Mailing List ------
> > http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users

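The /etc/ttys approach from the thread, applied to an SSH port forward, as an added example that is not part of the original messages. The entry name, script path, gateway account, key path and forwarded ports are constructed placeholders, and the ssh options assume a current OpenSSH client.

```shell
#!/bin/sh
# Keep an SSH port forward up by letting init respawn it from /etc/ttys.
# All values below are constructed placeholders, not taken from the thread.
NAME="tunnel1"                                     # first column in /etc/ttys
SCRIPT="/usr/local/sbin/keep-tunnel.sh"            # where this file is installed
GATEWAY="tunnel@gateway.example.org"               # unprivileged remote account
FORWARD="127.0.0.1:8025:mail.internal.example:25"  # bind to loopback only
KEY="/root/.ssh/tunnel_key"                        # dedicated key for this tunnel

# Succeed only if the name is not already a first column in the ttys file,
# because that column has to be unique.  $1 = name, $2 = ttys file
ttys_name_free() {
    ! awk -v n="$1" '$1 == n { found = 1 } END { exit !found }' "$2"
}

# Print the ttys entry in the same form as the lines quoted in the thread.
# The trailing sleep runs after ssh exits, so a gateway that is down does
# not make init respawn in a tight loop.  $1 = name, $2 = script path
ttys_line() {
    printf '%s "/bin/sh -c '\''%s run; sleep 10;'\''" unknown on\n' "$1" "$2"
}

# One foreground tunnel session. -N requests no remote command, BatchMode
# stops ssh from prompting, ExitOnForwardFailure and the ServerAlive
# options make ssh exit when the forward is unusable so init restarts it.
run_tunnel() {
    exec ssh -N -i "$KEY" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "$FORWARD" "$GATEWAY"
}

case "${1:-}" in
    run)   run_tunnel ;;
    entry) ttys_name_free "$NAME" /etc/ttys && ttys_line "$NAME" "$SCRIPT" ;;
esac
```

Because the key is used unattended, restrict it in the gateway account's authorized_keys with options such as `no-pty` and `permitopen="host:port"` so it can do nothing but open this one forward.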