Re: site-to-site VPN with credential prompts?



On Wed, Mar 26, 2025 at 10:03:36AM CET, tomas@tuxteam.de said:
> On Wed, Mar 26, 2025 at 09:41:55AM +0100, Nicolas George wrote:
> > tomas@tuxteam.de (HE12025-03-26):
> > > I was once sitting at a $(DAYJOB) where they blocked everything but
> > > 443 (and 80). I tunneled ssh over socat (with TLS, so that the handshake
> > > didn't look suspect, in case their firewall sniffed that). Bonus: I
> > > got to see whether they did MITM, since I made my own server and
> > > client certs.
> > 
> > If behind a BOFH firewall, ssh is usually a lot easier to tunnel to
> > sneak through than a VPN.
> 
> My bet was that 443 is always open because otherwise mid- and hi-
> level mgmt would be on top of the poor admins because they couldn't
> go to their share trading casinos: I won :)

Admins would also have problems getting security updates (and not accessing *overflow).


-- 
Erwan David

