Mailing List Archive



Re: [tlug] Occam's Razor for SSH'ing to home



>>>>> "David" == David Bennett <davidbennett1979@example.com> writes:

    David> This would lead me to believe that my workplace is only
    David> letting HTTP traffic through on port 80.

The obvious way to do that is with a proxy.

    David> Is there such thing as an HTTP-TO-SSH proxy?

In a pedantic sense, no.  All proxies have the same protocol on each
end.  It would be possible to create an HTTP-to-SSH gateway, but it
wouldn't be very useful, because programs that speak HTTP don't know
how to do SSH authentication, and of course the gateway doesn't have
access to your credentials because it would be on the wrong side of
the firewall.

The word you want is "tunnel".  Jim gave one explanation.  Shawn gave
a very simple example (write a password to a file, PGP-encrypt it,
send the file as an HTTP PUT or POST, have the other side decode the
file and pass the password to the authentication program).

There are a number of problems with tunnels.  The most important from
your point of view is going to be that the HTTP protocol, although
lightweight from the point of view of what it's designed for, is quite
inefficient for implementing tunnels.  Worse yet, the proxy at the
firewall is going to introduce its own set of delays (of perceptible
length, too).  I don't think using the command line would be snappy
over such a tunnel, and interactive GUIs are likely to be extremely
painful.  Simply setting up the SSH connection over the tunnel could
take minutes although YMMV.  (Of course, there may be no proxy at the
firewall which would speed things up a lot, but by now I suppose that
everybody who's answered you would put money on there being a proxy
there.)  You won't know until you try, though.

If you have a _very_ limited set of well-defined tasks, you could
simply use CGIs on the webserver for each one.  Eg,
http://www.david.home/kitchen-control.cgi?rice-cooker=SWITCH_ON.

If you need more flexibility but not full interactivity, an
application server which allows scripting would be useful.  I like
Zope, Shawn had a suggestion too but I'm not familiar with the
software he's recommending.

Both of those are _much_ less secure than the SSH-over-HTTP tunnel.

-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.
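
Added example, not part of the original message or the thread: a sketch of the fixed-task CGI idea above (one URL parameter per device, as in `rice-cooker=SWITCH_ON`), written so that only allow-listed device/action pairs carrying a valid HMAC are accepted. The `ts` and `sig` parameters, the shared key, the 300-second window and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

# Constructed values for illustration; a real deployment would load the key
# from protected storage, never from source code.
SECRET_KEY = b"constructed-demo-key"
MAX_SKEW = 300  # seconds a signed request stays valid

# Fixed allow-list: each device maps to the only actions it accepts.
ALLOWED = {"rice-cooker": {"SWITCH_ON", "SWITCH_OFF"}}


def sign(device, action, ts):
    """HMAC-SHA256 over the exact fields the handler will act on."""
    msg = f"{device}={action}&ts={ts}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def handle(query_string, now):
    """Return (status, message) for one request; nothing reaches a shell."""
    params = parse_qs(query_string, keep_blank_values=True)
    # Reject repeated parameters so the signed value is the value acted on.
    if any(len(values) != 1 for values in params.values()):
        return 400, "duplicate parameter"
    flat = {key: values[0] for key, values in params.items()}
    ts, sig = flat.pop("ts", ""), flat.pop("sig", "")
    if len(flat) != 1:
        return 400, "exactly one device expected"
    (device, action), = flat.items()
    if action not in ALLOWED.get(device, ()):
        return 403, "not on allow-list"
    if not (ts.isascii() and ts.isdigit()) or abs(now - int(ts)) > MAX_SKEW:
        return 403, "stale or missing timestamp"
    # Compare as bytes in constant time; non-ASCII input cannot raise here.
    if not hmac.compare_digest(sig.encode(), sign(device, action, ts).encode()):
        return 403, "bad signature"
    return 200, f"{device}: {action}"
```

The signature authenticates the request but does not hide it, and a captured URL can be replayed until its timestamp ages out, so this still offers less than an SSH session does.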


