Re: [squid-users] squid and SSH

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 24 Feb 2004 09:14:02 +0100 (CET)

On Mon, 23 Feb 2004, Anthony M. Rasat wrote:

> Not exactly sure about what you are asking here. SSH is not HTTP traffic,
> don't confuse it with FISH (SFTP over web browser). Also I think SSH public
> key should not cached by Squid for security reason.

Any TCP protocol can be tunneled over a HTTP proxy by abusing the CONNECT
method provided the client can wrap it's connection into a HTTP CONNECT
request to the proxy.

This is not liked by HTTP proxy developers due to the rather nasty
security implications of overloading the CONNECT method with additional
uses. If you really want "generic" TCP proxying you should look into using
a SOCKS proxy in addition to Squid.

Squid, for HTTP proxying and caching, including SSL access by browsers to
keep things simple.

SOCKS, for proxying of other protocols such as SSH, POP-3, IMAP, ICQ, IRC,
etc etc...

Regards
Henrik
Received on Tue Feb 24 2004 - 01:14:28 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:03 MST