Re: site-to-site VPN with credential prompts?
On Wed, Mar 26, 2025 at 10:03:36AM CET, tomas@tuxteam.de said:
> On Wed, Mar 26, 2025 at 09:41:55AM +0100, Nicolas George wrote:
> > tomas@tuxteam.de (HE12025-03-26):
> > > I was once sitting at a $(DAYJOB) where they blocked everything but
> > > 443 (and 80). I tunneled ssh over socat (with TLS, so that the handshake
> > > didn't look suspect, in case their firewall sniffed that). Bonus: I
> > > got to see whether they did MITM, since I made my own server and
> > > client certs.
> >
> > If behind a BOFH firewall, ssh is usually a lot easier to tunnel to
> > sneak through than a VPN.
>
> My bet was that 443 is always open because otherwise mid- and hi-
> level mgmt would be on top of the poor admins because they couldn't
> go to their share trading casinos: I won :)
Admins would also have problems to get security updates (and not accessing *overflow)
--
Erwan David
Reply to: