Hello, After discussion and experiments, we came with the solution to bind SSH to port 443 (https). This allows people to connect even from behind a proxy.
Check: http://savannah.gnu.org/faq/?admin=&group_id=5802&question=CVS_-_How_can_I_access_a_repository_from_behind_a_firewall_or_proxy.txt It describes two ways to access a CVS repository in a "fascist" network environment. Could everybody have a look at it and send feedback if needed? We are also open to questions. -- Sylvain On Sat, Feb 26, 2005 at 09:31:16PM +0530, Nagarjuna G. wrote: > On Wednesday 16 Feb 2005 1:28 am, Sylvain Beucler wrote: > > Hello [EMAIL PROTECTED] (I don't know your name), > > Sorry for the delay in replying. > My name is Nagarjuna. > > > Richard Stallman told the GNU Savannah hackers that some > universities > > have troubles to connect to our CVS service, because they use > > restrictive outgoing traffic firewall filtering rules. > > > > We are considering adding an SSH daemon that would listen on a port > > allowed by such firewall. > > > > However, depending on this outgoing traffic filtering, this may or > may > > not work. > > > > We would like to get more information about this issue, and RMS told > > us you could help. Can you explain the issue in detail to us? Would > > providing CVS over SSH access using a port different than 22 help? > > > > No, it wont, because only protocol open in some places is http, and > further through a proxy only. > > The situation that we discovered in India during his recent visit was > due to paranoid firewalls beings installed in the several campuses he > visited. In these campuses, they are sending all out going packets > through a proxy server and mostly only http. This makes people within > the campus unable to access any server outside through other > protocols, say using ssh. Only dialout connections provide full > access in these places. > > In these places, Internet access is equivalent to browser access. > surprisingly pop, fetchmail were also blocked. > > some thoughts: One possibility that occurs to me in this kind of a > situation is to provide access to all our services through a web > page, from where cvs checkin/out and upload/download are possible. > There is one perl based openwebmail product that gives what is called > `Web Disk'. If we allow this kind of disk then gnu hackers can access > their home after authentication through ssl. We used this feature in > our institute, so that we could close ftp port completely. > > If you need any further information, I will try to provide. > > RMS: In the note that you send to all the hosts while you are > travelling, please mention that your mail transfer requires ssh > access. Most people donot understand what it takes to do mail > transfer. They dont use this term `mail transfer'. They assume that > since a browser access is possible, they gladly tell you that Internet > is available. As mentioned earlier for them Internet means Browser. > Since they read mails through a browser they assume you also check > using a browser. Most workable solution is dialing out an ISP, since > most ISP's dont block any ports it will be easy.
