[TriLUG] ssh 'through' a firewall

Nathan Conrad conrad at bungled.net
Sat Apr 24 12:03:15 EDT 2004


I've been playing with a ppp over ssh VPN for a week or two. It seems
to work decently, although it is pretty slow at times (I'm using the
VPN as an Internet gateway with IP masquerading on the other side). I
just did a google search for vtun and found a document questioning its
security. The author said that it is easy to make man in the middle
attacks on it with version 2.5 because of how the encryption is
used. I expect that it would be much harder to exploit in its TCP
operation mode than its UDP mode. The document is at:

http://www.off.net/~jme/vtun_secu.html

I'm not sure of the validity of the document because I have not
examined the source code of vtun. The 2.6 changelog did not mention
this problem being fixed, but it did mention that other problems of
vtun would be addressed in the future (using /dev/random instead of
rand() when SSL is disabled.)

I'm about to try installing OpenVPN, of which I've seen good reviews.

-Nathan

On Sat, Apr 24, 2004 at 09:43:30AM -0400, Ralph Blach wrote:
> Try
> 
> http://vtun.sourceforge.net/
> 
> It is a userland tunneling software that is very easy to set up and
> run.
> 
> I recommend that you give it a try.
> 
> Chip
> Tanner Lovelace wrote:
> >Douglas Kojetin said the following on 4/23/04 7:29 PM:
> >
> >>hi all-
> >>
> >>i ssh to a computer behind a firewall that has access to 
> >>other computers behind the network that i frequently need to ssh to.  
> >>what i normally do is
> >>
> >>ssh user@firstcomputer
> >>ssh user@secondcomputer
> >>
> >>is there a shortcut i can take so that i don't ssh twice?  i've set up 
> >>aliases and 'no-password authentication' to ease things, but it would 
> >>be nice to do the above in one command if possible.
> >
> >
> >You could have the first ssh execute the second.  If you just put the
> >two commands together, you'll notice, however, that it doesn't work.
> >Ssh doesn't automatically allocate a pseudo-tty when executing a command
> >so you must force it to using the -t option.
> >
> >So, try:
> >
> >ssh -t user@firstcomputer ssh user@secondcomputer
> >
> >That should do what you want.
> >
> >Cheers,
> >Tanner

-- 
Nathan J. Conrad                     Campus phone #5930
301 Scott hall, UNC Charlotte        http://bungled.net
GPG: F4FC 7E25 9308 ECE1 735C  0798 CE86 DA45 9170 3112