[TriLUG] blocking outbound port 22

bak via TriLUG trilug at trilug.org
Thu Oct 8 15:34:23 EDT 2015


Long ago in a far away land when I was but a nerdling, I was let go from a (rather terrible temporary) job for doing this.

These days I would have just used the data connection I carry around in my pocket all the time.

—bak

> On Oct 8, 2015, at 10:44, Matt Flyer via TriLUG <trilug at trilug.org> wrote:
> 
> This sounds like a perfect place to test the application Corkscrew:
> http://www.techrepublic.com/blog/linux-and-open-source/using-corkscrew-to-tunnel-ssh-over-http/
> 
> "If you are in an environment that disallows the use of SSH and forces
> the use of an HTTP proxy, it is possible to use that HTTP proxy as a
> transport for SSH."
> 
> I worked at a place that was absurdly totalitarian with regards to their
> web proxy.  As a design engineer I would frequently research technical
> information and they would even block categorically university sites,
> where you can get a lot of technical papers, as "educational sites
> prohibited".
> 
> Using SSH to tunnel out of there was the quick and obvious answer.
> 
> Blocking port 22 simply makes the case for moving SSH to a non-standard
> port, the old security through obscurity line.
> 
>> port ssh, can be easily used for tunneling
>> 
>> I think web proxy is in the blacklist for security reasons.
>> 
>> On Wed, Oct 7, 2015 at 5:22 PM, Ken Mink via TriLUG <trilug at trilug.org>
>> wrote:
>> 
>>> 
>>> 
>>> 
>>>> On Oct 7, 2015, at 16:52, Wes Garrison via TriLUG <trilug at trilug.org> wrote:
>>>> 
>>>> I ran into a situation today I've never seen before.
>>>> 
>>>> I was working at an engineering firm and their IT guy had all outbound
>>>> traffic on port 22 blocked.
>>>> 
>>>> Is there any sane reason to do this?
>>>> 
>>>> I can't think of any reason to block SSH, but maybe I'm missing
>>>> something.
>>>> 
>>>> -Wes
>>> 
>>> Sure, internal security policies. One place I worked had ALL outbound
>>> traffic blocked. The only way out was web proxy, which also had quite
>>> the blacklist.
>>> 
>>> Ken
>>> 
> 


