(sslh) VPN over SSH: State of the art?
Malcolm
opensshdev at r.paypc.com
Fri Mar 29 17:46:09 AEDT 2019
On 1/4/2019 3:20 AM, Thomas Güttler wrote:
> yes, that's not what I had in mind. But why not? I think it is a valid
> solution.
>
> I am a bit afraid: If setting it up fails, we lose control over our
> remote machines, since ssh is the only permanent connection we have.
sslh sounds like a lovely and simple solution to the problem. I've so
far dodged this bullet by phasing out http (80) on most of my hosts,
which has provided a "sneaky" UDP/TCP port 80 option for clients behind
overly restrictive firewalls needing to connect to my VPN endpoint.
I used to be able to "sacrifice" telnet (23), but the restrictive
firewalls that block destinations by port # tend to include that one as
well. Even ftp (20:21) seems to be on the chopping block.
------------
Why not run a backup sshd to listen on a different port to allow access if
your main 0.0.0.0:22 connection no longer works?
/usr/sbin/sshd -q -p 22222 (or whatever other port you can use to
connect to the host in question)
Good luck!
=M=
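
The backup-sshd suggestion above, as an added example that is not part of the original message: a POSIX shell sketch that validates the sshd configuration, starts the second daemon on the alternate port, and confirms it is listening before anything on port 22 is changed. Assumptions: `ss` from iproute2 is available, and the function names, the `PidFile` path and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: start a fallback sshd and confirm it is listening
# before changing whatever owns port 22 (for instance, putting sslh there).
SSHD="${SSHD:-/usr/sbin/sshd}"
BACKUP_PORT="${BACKUP_PORT:-22222}"               # port used in the message
BACKUP_PID="${BACKUP_PID:-/run/sshd-backup.pid}"  # assumed path; keeps the main PID file intact

# Constructed sample of `ss -ltn` output, used by selftest only.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22222        [::]:*'

# port_listening PORT: read `ss -ltn` output on stdin; succeed only if a
# LISTEN socket is bound to exactly PORT (IPv4, IPv6 or wildcard address).
port_listening() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")   # field 4 is addr:port; port follows the last ":"
            if (part[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# start_backup_sshd: validate the config, start the second daemon, verify it.
start_backup_sshd() {
    "$SSHD" -t || { echo "sshd config test failed; nothing started" >&2; return 1; }
    "$SSHD" -q -p "$BACKUP_PORT" -o "PidFile=$BACKUP_PID" || return 1
    sleep 1
    if ss -ltn | port_listening "$BACKUP_PORT"; then
        echo "backup sshd listening on port $BACKUP_PORT"
    else
        echo "backup sshd is NOT listening on $BACKUP_PORT; do not touch port 22" >&2
        return 1
    fi
}

# selftest: exercise the parser on the constructed sample (no daemon started).
selftest() {
    printf '%s\n' "$SAMPLE_SS" | port_listening 22222 || return 1
    printf '%s\n' "$SAMPLE_SS" | port_listening 22    || return 1
    ! printf '%s\n' "$SAMPLE_SS" | port_listening 2222   # 2222 must not match 22222
}

case "${1:-}" in
    start)    start_backup_sshd ;;
    selftest) selftest && echo "parser ok" ;;
esac
```

Run it with `start` as root from the existing session, then log in over the backup port from a second terminal before reconfiguring port 22.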
More information about the openssh-unix-dev mailing list