[Savannah-hackers-public] Re: [Savannah-help-public] Access to Savannah thru http?

[Sylvain Beucler]

Hello,

After discussion and experiments, we came with the solution to bind
SSH to port 443 (https). This allows people to connect even from
behind a proxy.

Check:

http://savannah.gnu.org/faq/?admin=&group_id=5802&question=CVS_-_How_can_I_access_a_repository_from_behind_a_firewall_or_proxy.txt

It describes two ways to access a CVS repository in a "fascist"
network environment.

Could everybody have a look at it and send feedback if needed?

We are also open to questions.

-- 
Sylvain

On Sat, Feb 26, 2005 at 09:31:16PM +0530, Nagarjuna G. wrote:
> On Wednesday 16 Feb 2005 1:28 am, Sylvain Beucler wrote:
> > Hello address@hidden (I don't know your name),
> 
> Sorry for the delay in replying.
> My name is Nagarjuna.
>  
> > Richard Stallman told the GNU Savannah hackers that some 
> universities
> > have troubles to connect to our CVS service, because they use
> > restrictive outgoing traffic firewall filtering rules.
> > 
> > We are considering adding an SSH daemon that would listen on a port
> > allowed by such firewall.
> > 
> > However, depending on this outgoing traffic filtering, this may or 
> may
> > not work.
> > 
> > We would like to get more information about this issue, and RMS told
> > us you could help. Can you explain the issue in detail to us? Would
> > providing CVS over SSH access using a port different than 22 help?
> >
> 
> No, it wont, because only protocol open in some places is http, and
> further through a proxy only.
> 
> The situation that we discovered in India during his recent visit was
> due to paranoid firewalls beings installed in the several campuses he
> visited.  In these campuses, they are sending all out going packets
> through a proxy server and mostly only http.  This makes people within
> the campus unable to access any server outside through other
> protocols, say using ssh.  Only dialout connections provide full
> access in these places.
> 
> In these places, Internet access is equivalent to browser access.
> surprisingly pop, fetchmail were also blocked.
> 
> some thoughts: One possibility that occurs to me in this kind of a
> situation is to provide access to all our services through a web
> page, from where cvs checkin/out and upload/download are possible.
> There is one perl based openwebmail product that gives what is called
> `Web Disk'.  If we allow this kind of disk then gnu hackers can access
> their home after authentication through ssl.  We used this feature in
> our institute, so that we could close ftp port completely.
> 
> If you need any further information, I will try to provide.
> 
> RMS: In the note that you send to all the hosts while you are
> travelling, please mention that your mail transfer requires ssh
> access.  Most people donot understand what it takes to do mail
> transfer.  They dont use this term `mail transfer'.  They assume that
> since a browser access is possible, they gladly tell you that Internet
> is available.  As mentioned earlier for them Internet means Browser.
> Since they read mails through a browser they assume you also check
> using a browser.  Most workable solution is dialing out an ISP, since
> most ISP's dont block any ports it will be easy.