Can mindterm do this?

Andreas Gunnarsson mindterm at zzlevo.net
Mon Mar 13 21:08:50 MET 2006


On Mon, Mar 13, 2006 at 11:41:54AM -0800, andrew fabbro wrote:
> laptop      firewall/proxy  abc123.somewhere.com
>       http  ---OK------->   http://abc123.somewhere.com/mindterm/blah.html
>       https ---OK------->   https://abc123.somewhere.com/mindterm/blah.html
>       ssh   ---BLOCK---->   abc123.somewhere.com's port 22
[...]
> I'm thinking mindterm can't do this because it will try to set up an
> ssh session from the laptop to the host, which the firewall won't allow.
> Or am I (hopefully) wrong?

The MindTerm applet can be downloaded but you are correct that the ssh
session is a separate session which normally uses port 22 and will
therefore be blocked.  The best solution is to ask the firewall admin to
open port 22.

If they won't do that, but if it's still OK according to the policy to
set up an ssh tunnel, there are a few things you can try.

Most of the time it's possible to get it to work if you can set up your
ssh server to listen on port 80 or 443 and then tell MindTerm to use
that port instead.  That means that your web server won't be able to use
that port on that IP address though.

In some cases the firewall actually examines the traffic and only allows
stuff that looks like http or https.  This is rare though, especially
when using port 443.  Should that be the case you may be able to set up
something like httptunnel (http://www.nocrew.org/software/httptunnel/)
on some machine inside the firewall and then use MindTerm or some other
ssh client via that tunnel.  I'm not sure I'd recommend that from a
security point of view though; I haven't used httptunnel myself or
checked the code so I'd be a little worried about it.

Of course, since the firewall doesn't allow port 22 there's a good chance
that you will breach the security policy doing this, and that's probably
a bad idea.

Regards,
   Andreas
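
The difference between a firewall that filters by port number and one that "examines the traffic", seen from the firewall administrator's side. This is an added example, not part of the original message or of MindTerm. The function names, the EXPECTED policy table and the sample flows are assumptions made up for illustration.

```python
import re

# SSH identification string, RFC 4253 section 4.2: "SSH-protoversion-softwareversion".
SSH_BANNER = re.compile(rb"SSH-\d+\.\d+-[\x21-\x7e]+")
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")
# Assumed policy for this example: what each allowed port is expected to carry.
EXPECTED = {80: "http", 443: "tls"}


def classify_first_bytes(data: bytes) -> str:
    """Name the outermost protocol from the first bytes a client sends."""
    if SSH_BANNER.match(data):
        return "ssh"
    # TLS record: content type 0x16 (handshake), major version 0x03,
    # and handshake type 0x01 (ClientHello) right after the 5-byte header.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def audit(flows):
    """Return (port, protocol, flagged) for each (port, first_bytes) pair."""
    results = []
    for port, data in flows:
        proto = classify_first_bytes(data)
        expected = EXPECTED.get(port)
        results.append((port, proto, expected is not None and proto != expected))
    return results


# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    (80, b"GET /mindterm/blah.html HTTP/1.1\r\nHost: abc123.somewhere.com\r\n\r\n"),
    (443, bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01, 0x00, 0x00, 0x2A, 0x03, 0x03])),
    (443, b"SSH-2.0-ExampleClient_1.0\r\n"),
    (80, b"SSH-2.0-ExampleClient_1.0\r\n"),
]

if __name__ == "__main__":
    for port, proto, flagged in audit(SAMPLE_FLOWS):
        print(f"port {port}: {proto}{'  <-- not what this port should carry' if flagged else ''}")
```

A first-bytes check like this names only the outermost protocol, so a session carried inside an HTTP tunnel is reported as http.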

