FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian ISP

 
 
LinkBack Thread Tools
 
Old 08-21-2010, 01:30 PM
Leonardo Boselli
 
Default shell access behind a trasparent proxy http only

I have the urgent necessity to allow some users that lay behind a
trasparent proxy that allow only http connection on port 80 to access a
normal shell on a machine.

Unce it exixted webmin, but now what is remaining ?


--
Leonardo Boselli


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: alpine.DEB.2.00.1008211528520.22038@dipolo.dicea.u nifi.it">http://lists.debian.org/alpine.DEB.2.00.1008211528520.22038@dipolo.dicea.u nifi.it
 
Old 08-21-2010, 03:04 PM
Scott Edwards
 
Default shell access behind a trasparent proxy http only

On Sat, Aug 21, 2010 at 8:30 AM, Leonardo Boselli <leo@dicea.unifi.it> wrote:
> I have the urgent necessity to allow some users that lay behind a trasparent
> proxy that allow only http connection on port 80 to access a normal shell on
> a machine.
> Unce it exixted webmin, but now what is remaining ?
>
>
> --
> Leonardo Boselli

HTTP is insecure (vs https), but it sounds like you're asking despite
that issue. There's an ajax shell written in php that comes to mind.

Regards,


Scott.


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: AANLkTinigi58osGBeZGhu7Vq3SrPnO487-OgHcTjJTd_@mail.gmail.com">http://lists.debian.org/AANLkTinigi58osGBeZGhu7Vq3SrPnO487-OgHcTjJTd_@mail.gmail.com
 
Old 08-21-2010, 03:13 PM
Leonardo Boselli
 
Default shell access behind a trasparent proxy http only

even this is not good. i need fullc apabilityes, inclusive (and expecially)
the capability to edit config files and change user .....

--
Leonardo Boselli

On Sat, 21 Aug 2010, Scott Edwards wrote:


On Sat, Aug 21, 2010 at 8:30 AM, Leonardo Boselli <leo@dicea.unifi.it> wrote:

I have the urgent necessity to allow some users that lay behind a trasparent
proxy that allow only http connection on port 80 to access a normal shell on
a machine.
Unce it exixted webmin, but now what is remaining ?


--
Leonardo Boselli


HTTP is insecure (vs https), but it sounds like you're asking despite
that issue. There's an ajax shell written in php that comes to mind.

Regards,


Scott.




--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: alpine.DEB.2.00.1008211712080.10038@dipolo.dicea.u nifi.it">http://lists.debian.org/alpine.DEB.2.00.1008211712080.10038@dipolo.dicea.u nifi.it
 
Old 08-21-2010, 04:11 PM
Roberto Scattini
 
Default shell access behind a trasparent proxy http only

On Sat, Aug 21, 2010 at 12:13 PM, Leonardo Boselli <leo@dicea.unifi.it> wrote:
>
> even this is not good. i need fullc apabilityes, inclusive (and expecially)
> *the capability to edit config files and change user .....


ajaxterm?

--
Roberto Scattini


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: AANLkTi=ZgFt2B11owmCnfqtg2bNsYGFFZeO3ueLfK9BL@mail .gmail.com">http://lists.debian.org/AANLkTi=ZgFt2B11owmCnfqtg2bNsYGFFZeO3ueLfK9BL@mail .gmail.com
 
Old 08-21-2010, 09:18 PM
Boris Pavlov
 
Default shell access behind a trasparent proxy http only

On 21.8.2010 г. 16:30 ч., Leonardo Boselli wrote:

I have the urgent necessity to allow some users that lay behind a
trasparent proxy that allow only http connection on port 80 to access a
normal shell on a machine.
Unce it exixted webmin, but now what is remaining ?


--
Leonardo Boselli





--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4C704298.1040703@elib.minfin.bg">http://lists.debian.org/4C704298.1040703@elib.minfin.bg
 
Old 08-21-2010, 09:20 PM
Boris Pavlov
 
Default shell access behind a trasparent proxy http only

On 21.8.2010 г. 16:30 ч., Leonardo Boselli wrote:

I have the urgent necessity to allow some users that lay behind a
trasparent proxy that allow only http connection on port 80 to access a
normal shell on a machine.
Unce it exixted webmin, but now what is remaining ?


--
Leonardo Boselli






sorry.

try taking to the f*cking administrators. that is the legal - and
preferable - solution.


if you want to avoid legally placed restriction, yes, there may be a way
to do it, but yous should not do it.


edi


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4C704305.60605@elib.minfin.bg">http://lists.debian.org/4C704305.60605@elib.minfin.bg
 
Old 08-21-2010, 10:12 PM
Leonardo Boselli
 
Default shell access behind a trasparent proxy http only

Urgent means by tomorrow at 16. Also the administrator is contracted
outside the organization where the FW is operating.

This mean that is techinichally impossible to obtain a change for
tomorrow, sunday.
So they gave us a guest access that does not require for them any special
operation.
Also, since i think would pass another year before some other guest
had the necessity to use ssh, it would be an effort not worth the
advantage.
Aboit legalities: the arrangement is not made to reach some other's server
without this server administrators aithorization, but rather to be able
to use on our own server a certain protocol.


Leonardo Boselli

On Sun, 22 Aug 2010, Boris Pavlov wrote:

On 21.8.2010 ?. 16:30 ?., Leonardo Boselli wrote:

I have the urgent necessity to allow some users that lay behind a
try taking to the f*cking administrators. that is the legal - and preferable
- solution.



--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: alpine.DEB.2.00.1008220003170.17110@dipolo.dicea.u nifi.it">http://lists.debian.org/alpine.DEB.2.00.1008220003170.17110@dipolo.dicea.u nifi.it
 
Old 08-21-2010, 10:17 PM
Keith Edmunds
 
Default shell access behind a trasparent proxy http only

This isn't really a technical problem: it's a management one, and it
should be treated as such.


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100821231707.4802d5fe@ws.midnighthax.com">http://lists.debian.org/20100821231707.4802d5fe@ws.midnighthax.com
 
Old 08-22-2010, 12:11 AM
Boris Pavlov
 
Default shell access behind a trasparent proxy http only

lemme ask you: 1) user 2) proxy 3) target sshd?
if so:

a) can you access the proxy directly as proxy server pointing address
and port?


b)ask (or try, see below) if it supports CONNECT. usually, if you can
make httpS - yes;


c)if yes - on which ports.

and:
bind sshd at the target on this port (for example 443); just make sure
the port is unused, and add another line with another one Port command,
like this:

---
# What ports, IPs and protocols we listen for
Port 22
Port 443
---
reload or restart sshd and :
netstat -lnp|grep sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN 14379/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0:*
LISTEN 14379/sshd



use client which supports this (putty for example)

edi
PS tested, works with plain proxy (squid) and putty.
PS/2 sorry for the yelling, but: IT IS MANAGEMENT PROBLEM. don't try too
hard to solve management problems with technical solutions. if you
succeed, it may become nasty management's habit. sorry for the poor english.



--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4C706B48.8050901@elib.minfin.bg">http://lists.debian.org/4C706B48.8050901@elib.minfin.bg


Sun Aug 22 02:30:01 2010
Return-path: <ubuntu-users-bounces@lists.ubuntu.com>
Envelope-to: tom@linux-archive.org
Delivery-date: Sun, 22 Aug 2010 02:25:13 +0300
Received: from chlorine.canonical.com ([91.189.94.204]:35859)
by s2.java-tips.org with esmtp (Exim 4.69)
(envelope-from <ubuntu-users-bounces@lists.ubuntu.com>)
id 1OmxR2-0001iI-Pi
for tom@linux-archive.org; Sun, 22 Aug 2010 02:25:13 +0300
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com)
by chlorine.canonical.com with esmtp (Exim 4.69)
(envelope-from <ubuntu-users-bounces@lists.ubuntu.com>)
id 1OmyAO-0005vN-76; Sun, 22 Aug 2010 01:12:04 +0100
Received: from mail2.ddt-consult.de ([88.198.36.7])
by chlorine.canonical.com with esmtp (Exim 4.69)
(envelope-from <ubuntu-users@list-post.mks-mail.de>)
id 1OmyAL-0005vH-Mm
for ubuntu-users@lists.ubuntu.com; Sun, 22 Aug 2010 01:12:01 +0100
Received: from localhost (localhost [127.0.0.1])
by mail2.ddt-consult.de (Postfix) with ESMTP id 730F840022F
for <ubuntu-users@lists.ubuntu.com>;
Sun, 22 Aug 2010 02:12:01 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mail
Received: from mail2.ddt-consult.de ([127.0.0.1])
by localhost (mail2.ddt-consult.de [127.0.0.1]) (amavisd-new,
port 10024)
with LMTP id 7O59XrB2eZko for <ubuntu-users@lists.ubuntu.com>;
Sun, 22 Aug 2010 02:12:00 +0200 (CEST)
Received: from [192.168.2.114] (p4FFE1A40.dip.t-dialin.net [79.254.26.64])
(Authenticated sender: mks@list-post.mks-mail.de)
by mail2.ddt-consult.de (Postfix) with ESMTPSA id 07AAE400225
for <ubuntu-users@lists.ubuntu.com>;
Sun, 22 Aug 2010 02:11:59 +0200 (CEST)
Message-ID: <4C706B4F.2000301@list-post.mks-mail.de>
Date: Sun, 22 Aug 2010 02:11:59 +0200
From: =?ISO-8859-15?Q?Markus_Sch=F6nhaber?=
<ubuntu-users@list-post.mks-mail.de>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; de;
rv:1.9.2.8) Gecko/20100809 Lightning/1.0b2pre Mnenhy/0.8.3
Thunderbird/3.1.2
MIME-Version: 1.0
To: ubuntu-users@lists.ubuntu.com
Subject: WARNING! xend/DomUs won't start on latest linux-image-2.6.24-28-xen
X-BeenThere: ubuntu-users@lists.ubuntu.com
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: ubuntu-users@lists.ubuntu.com
List-Id: "Ubuntu user technical support,
not for general discussions" <ubuntu-users.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-users>,
<mailto:ubuntu-users-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/ubuntu-users>
List-Post: <mailto:ubuntu-users@lists.ubuntu.com>
List-Help: <mailto:ubuntu-users-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-users>,
<mailto:ubuntu-users-request@lists.ubuntu.com?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ubuntu-users-bounces@lists.ubuntu.com
Errors-To: ubuntu-users-bounces@lists.ubuntu.com

Hi,

after updating one of my servers running Xen on Hardy to the latest Xen
kernel (linux-image-2.6.24-28-xen vers. 2.6.24-28.75), xend wouldn't
start and, of course, no DomU came up:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/620994
Going back to 2.6.24-28.73 helped.

I curse the day I decided to use Ubuntu on a server.

--
Regards
mks

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Sun Aug 22 02:30:01 2010
Return-path: <ubuntu-server-bounces@lists.ubuntu.com>
Envelope-to: tom@linux-archive.org
Delivery-date: Sun, 22 Aug 2010 02:26:22 +0300
Received: from chlorine.canonical.com ([91.189.94.204]:53728)
by s2.java-tips.org with esmtp (Exim 4.69)
(envelope-from <ubuntu-server-bounces@lists.ubuntu.com>)
id 1OmxSA-0001n0-2i
for tom@linux-archive.org; Sun, 22 Aug 2010 02:26:22 +0300
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com)
by chlorine.canonical.com with esmtp (Exim 4.69)
(envelope-from <ubuntu-server-bounces@lists.ubuntu.com>)
id 1OmyBj-000687-Ci; Sun, 22 Aug 2010 01:13:27 +0100
Received: from mail2.ddt-consult.de ([88.198.36.7])
by chlorine.canonical.com with esmtp (Exim 4.69)
(envelope-from <ubuntu-server@list-post.mks-mail.de>)
id 1OmyBi-00067F-Co
for ubuntu-server@lists.ubuntu.com; Sun, 22 Aug 2010 01:13:26 +0100
Received: from localhost (localhost [127.0.0.1])
by mail2.ddt-consult.de (Postfix) with ESMTP id 45A7540022F
for <ubuntu-server@lists.ubuntu.com>;
Sun, 22 Aug 2010 02:13:26 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mail
Received: from mail2.ddt-consult.de ([127.0.0.1])
by localhost (mail2.ddt-consult.de [127.0.0.1]) (amavisd-new,
port 10024)
with LMTP id fQ9-wpIYbEa9 for <ubuntu-server@lists.ubuntu.com>;
Sun, 22 Aug 2010 02:13:25 +0200 (CEST)
Received: from [192.168.2.114] (p4FFE1A40.dip.t-dialin.net [79.254.26.64])
(Authenticated sender: mks@list-post.mks-mail.de)
by mail2.ddt-consult.de (Postfix) with ESMTPSA id 850B2400225
for <ubuntu-server@lists.ubuntu.com>;
Sun, 22 Aug 2010 02:13:25 +0200 (CEST)
Message-ID: <4C706BA5.8050604@list-post.mks-mail.de>
Date: Sun, 22 Aug 2010 02:13:25 +0200
From: =?ISO-8859-15?Q?Markus_Sch=F6nhaber?=
<ubuntu-server@list-post.mks-mail.de>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; de;
rv:1.9.2.8) Gecko/20100809 Lightning/1.0b2pre Mnenhy/0.8.3
Thunderbird/3.1.2
MIME-Version: 1.0
To: ubuntu-server@lists.ubuntu.com
Subject: WARNING! xend/DomUs won't start on latest linux-image-2.6.24-28-xen
X-BeenThere: ubuntu-server@lists.ubuntu.com
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: ubuntu-server@lists.ubuntu.com
List-Id: Ubuntu Server Development mailing list
<ubuntu-server.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-server>,
<mailto:ubuntu-server-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/ubuntu-server>
List-Post: <mailto:ubuntu-server@lists.ubuntu.com>
List-Help: <mailto:ubuntu-server-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-server>,
<mailto:ubuntu-server-request@lists.ubuntu.com?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ubuntu-server-bounces@lists.ubuntu.com
Errors-To: ubuntu-server-bounces@lists.ubuntu.com

Hi,

after updating one of my servers running Xen on Hardy to the latest Xen
kernel (linux-image-2.6.24-28-xen vers. 2.6.24-28.75), xend wouldn't
start and, of course, no DomU came up:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/620994
Going back to 2.6.24-28.73 helped.

I curse the day I decided to use Ubuntu on a server.

--
Regards
mks


--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 08-22-2010, 08:42 PM
Gerhard Venter
 
Default shell access behind a trasparent proxy http only

80 is just a port number like any other.So if the server you need to connect to isn't a web server (fat chance I guess), you could run an ssh daemon on port 80.That would be very easy, and meet all your requirements but you can't do it if the server is already running something on port 80




On 22 August 2010 01:11, Boris Pavlov <edi@elib.minfin.bg> wrote:


lemme ask you: 1) user 2) proxy 3) target sshd?

if so:



a) can you access the proxy directly as proxy server pointing address and port?



b)ask (or try, see below) if it supports CONNECT. usually, if you can make httpS - yes;



c)if yes - on which ports.



and:

bind sshd at the target on this port (for example 443); just make sure the port is unused, and add another line with another one Port command, like this:

---

# What ports, IPs and protocols we listen for

Port 22

Port 443

---

reload or restart sshd and :

netstat -lnp|grep sshd

tcp * * * *0 * * *0 0.0.0.0:22 * * * * * * *0.0.0.0:* LISTEN * * *14379/sshd

tcp * * * *0 * * *0 0.0.0.0:443 * * * * * *0.0.0.0:* LISTEN * * *14379/sshd





use client which supports this (putty for example)



edi

PS tested, works with plain proxy (squid) and putty.

PS/2 sorry for the yelling, but: IT IS MANAGEMENT PROBLEM. don't try too hard to solve management problems with technical solutions. if you succeed, it may become nasty management's habit. sorry for the poor english.







--

To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org

with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: http://lists.debian.org/4C706B48.8050901@elib.minfin.bg
 

Thread Tools




All times are GMT. The time now is 05:23 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org