[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers-public] Re: [Savannah-help-public] Access to Savannah
From: |
Sylvain Beucler |
Subject: |
[Savannah-hackers-public] Re: [Savannah-help-public] Access to Savannah thru http? |
Date: |
Sun, 27 Mar 2005 18:10:14 +0200 |
User-agent: |
Mutt/1.4.2.1i |
Hello,
After discussion and experiments, we came with the solution to bind
SSH to port 443 (https). This allows people to connect even from
behind a proxy.
Check:
http://savannah.gnu.org/faq/?admin=&group_id=5802&question=CVS_-_How_can_I_access_a_repository_from_behind_a_firewall_or_proxy.txt
It describes two ways to access a CVS repository in a "fascist"
network environment.
Could everybody have a look at it and send feedback if needed?
We are also open to questions.
--
Sylvain
On Sat, Feb 26, 2005 at 09:31:16PM +0530, Nagarjuna G. wrote:
> On Wednesday 16 Feb 2005 1:28 am, Sylvain Beucler wrote:
> > Hello address@hidden (I don't know your name),
>
> Sorry for the delay in replying.
> My name is Nagarjuna.
>
> > Richard Stallman told the GNU Savannah hackers that some
> universities
> > have troubles to connect to our CVS service, because they use
> > restrictive outgoing traffic firewall filtering rules.
> >
> > We are considering adding an SSH daemon that would listen on a port
> > allowed by such firewall.
> >
> > However, depending on this outgoing traffic filtering, this may or
> may
> > not work.
> >
> > We would like to get more information about this issue, and RMS told
> > us you could help. Can you explain the issue in detail to us? Would
> > providing CVS over SSH access using a port different than 22 help?
> >
>
> No, it wont, because only protocol open in some places is http, and
> further through a proxy only.
>
> The situation that we discovered in India during his recent visit was
> due to paranoid firewalls beings installed in the several campuses he
> visited. In these campuses, they are sending all out going packets
> through a proxy server and mostly only http. This makes people within
> the campus unable to access any server outside through other
> protocols, say using ssh. Only dialout connections provide full
> access in these places.
>
> In these places, Internet access is equivalent to browser access.
> surprisingly pop, fetchmail were also blocked.
>
> some thoughts: One possibility that occurs to me in this kind of a
> situation is to provide access to all our services through a web
> page, from where cvs checkin/out and upload/download are possible.
> There is one perl based openwebmail product that gives what is called
> `Web Disk'. If we allow this kind of disk then gnu hackers can access
> their home after authentication through ssl. We used this feature in
> our institute, so that we could close ftp port completely.
>
> If you need any further information, I will try to provide.
>
> RMS: In the note that you send to all the hosts while you are
> travelling, please mention that your mail transfer requires ssh
> access. Most people donot understand what it takes to do mail
> transfer. They dont use this term `mail transfer'. They assume that
> since a browser access is possible, they gladly tell you that Internet
> is available. As mentioned earlier for them Internet means Browser.
> Since they read mails through a browser they assume you also check
> using a browser. Most workable solution is dialing out an ISP, since
> most ISP's dont block any ports it will be easy.
- [Savannah-hackers-public] Re: [Savannah-help-public] Access to Savannah thru http?,
Sylvain Beucler <=