there should not be any security risks in allowing outgoing ssh connections. generally, you want your firewall to stop incoming connections, and usually not worry about outgoing connections, unless you are just overly paranoid and/or restrictive and don't want users on your network to be able to access services outside your network for whatever reason.

i would bet that outgoing ssh connects are not even blocked on your firewall, but if all outgoing requests have to first go through a proxy then to the internet, that might be blocking it. is the proxy also the gateway, or is the gateway a separate machine on a different subnet or network? if it's a separate machine on the same network and you know the ip address, try changing your default route to that ip and see if ssh is blocked for outgoing connections. ignore any of this information if your network admin is particularly hostile and would go crazy if you bypassed the proxy.

On Thu, 23 Aug 2001, Frank Rabe wrote:
Hi All
I would like to install an ssh client software on a win2000 system, which is connected through a Unix firewall with the internet. The services available are email (read - pop3, send - smtp). Other than that only a proxy for http and ftp through a browser is available. The admin refuses to open the ssh port for security reasons, so I need some information from experts. ;-) What would be the decrease in security, if the admin would open the ssh port on the firewall for an outgoing ssh service? Would it be possible to just allow outgoing ssh, but to block incoming ssh requests by the firewall, so that ssh won't introduce any new attacking risks? Any other ideas to be able to use ssh outgoing?
TIA Frank
-- --------------- Power Over Information -------------- Frank.Rabe@empress.de Empress Software GmbH Phone: +49 (0)40 521 129-0 Web: www.empress.de
Chad Whitten Network/Systems Administrator Nexband Communications chadwick@nexband.com
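The outbound-only policy asked about in the quoted question, written as firewall rules. This is an added example, not part of the original thread. It assumes the firewall is a Linux gateway using iptables whose FORWARD policy is already DROP; the interface names and the LAN subnet are constructed placeholders.

```shell
#!/bin/sh
# Added example: allow SSH sessions that start inside the LAN, refuse SSH
# sessions that start outside. All values below are assumptions to adjust.
IPT="${IPT:-iptables}"                 # set IPT="echo iptables" for a dry run
LAN_IF="${LAN_IF:-eth1}"               # assumed inside interface
WAN_IF="${WAN_IF:-eth0}"               # assumed internet-facing interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed internal subnet

apply_rules() {
    # Replies to connections that an inside host opened. Connection tracking
    # is what lets the return packets back in without opening port 22 inbound.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New SSH connections are accepted in one direction only: LAN to internet.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
         -p tcp --dport 22 --syn -m conntrack --ctstate NEW -j ACCEPT

    # Unsolicited SSH from outside, toward LAN hosts or the firewall itself.
    # Redundant under a DROP policy, but it keeps the intent explicit and
    # survives a later policy change.
    $IPT -A FORWARD -i "$WAN_IF" -p tcp --dport 22 \
         -m conntrack --ctstate NEW -j DROP
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 22 \
         -m conntrack --ctstate NEW -j DROP
}

# Rules are only applied when asked for explicitly: sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Running it with `IPT="echo iptables"` prints the four rules instead of loading them, which is a convenient way to review the result before touching the live firewall.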