Article delegate-en/2749 of [1-5169] on the server localhost:119
[Reference:<_A2739@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Delegate Proxy
13 Sep 2004 22:11:29 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


On 09/02/04(08:04) you "Wen Pei (Betty) Liu" <wliu@nasa..> wrote
in <p06110409bd5c03068faf@[129.99.132.67]>
 |researching for proxies for ssh and scp and am curious about Delegate 
 |and its potential. I am hoping that I can get a better understanding 
 |by asking some questions.
 |
 |My basic situation is that I have a group of special computers that 
 |remote users want to log into, which I don't want to be exposed to 
 |the outside world. So I am looking for a proxy/firewall that will act 
 |as the filter for all these user logins and file transfers. We would 
 |also want to be able to enable secure ftp, scp from our target 
 |servers to the client and back also in this setup.
 |
 |The main idea is that we wanted users to feel like they were getting 
 |transparent ssh/scp/sftp access to our network while actually having 
 |a trusted box in the middle through which all access requests were 
 |mediated. 

As far as I know, secure communications like SSH and SSL do not allow
themselves to be decoded by a man-in-the-middle proxy for logging or
access control. The cryptography can be decoded and encoded, but the
information to authenticate the peer (the server or the client on the
other end) cannot be relayed.  This is the very reason why it is "secure".

 |Do you feel Delegate is an appropriate solution? What issues/concerns 
 |do you have in mind? You have specified that it supports all TCP 
 |protocols, which includes ssh, correct? Would users have to install 
 |Delegate as a client side program? Are there other requirements on 
 |the user side?

DeleGate can use SSH as a tunnel over which any protocol, including HTTP,
FTP, Telnet and so on, is conveyed.
See <URL:http://www.delegate.org/mail-lists/delegate-en/994>
It works as a proxy server to reach arbitrary servers on the other side
of the SSH tunnel.  But it will not be so useful when the target server
is a single one.

Cheers,
Yutaka
--
  D G   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
