On 1/28/2011 7:51 AM, Rich Bowen wrote:
>
> On Jan 28, 2011, at 8:44 AM, Skye Sweeney wrote:
>
>> I have now been monitoring this distribution list for a month and now feel
>> like I can ask my question...
>>
>> Recently my company has put a filter in their firewall to prevent any access
>> to any outside computer over SSH or FTP. This has broken my ability to
>> access my home computer to do such things as powering it off during
>> thunderstorms. Only a very few ports are open on the firewall. These include
>> port 80.
>>
>> Question: Is it possible to configure Apache and/or other components to
>> allow a client to have a simple "bash shell" into the computer running
>> Apache? I do not need X11 or any other graphic interfaces, just a good old
>> shell and even that could be limited. Now before people freak out about
>> security, it should be known that my firewall only allows connections from
>> very specific MAC addresses. As long as I do not publish those, I consider
>> my home Linux server very safe.
>>
>> I have tried to Google the answer, but I have not found the right key words
>> to home in on a solution. I would be happy with just a few product or
>> keyword names to help my search or an indication that I am barking up the
>> wrong tree!
>
> Yes, it's possible, but it's the wrong solution. The right solution is ssh. I
> hear you saying that your company forbids ssh, but I think that once you
> understand the risks of doing what you're talking about here, you'll be able
> to communicate to your firewall admin that ssh is *BY FAR* more secure than
> any other remote shell options available. This is why so many commercial
> firewalls come with ports 80, 443, and 22 open by default.
>
> I would strenuously encourage you to have a long talk with your network guy
> about security, and if he/she doesn't understand the issues, have a talk with
> his/her boss about his/her lack of credentials. This isn't a difficult issue
> - it's pretty fundamental to network security.

Set up your ssh responder on 443, it will look to the powers-that-be and to your network proxy server as a tunneled https:// connection. Not sure how to have ssh client follow-the-tunnel offhand, but it can't be impossible

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.