"H. Wade Minter" wrote:
>
> So my question is: Is there any way, on a firewall-type level, to block scp
> traffic, while allowing ssh and slogin? This would allow them to stop file
> copies, but let secure shells go through.

At the firewall, I don't think so; my understanding is that scp is
really just a wrapper around ssh, and that to a router, ssh and scp are
going to look exactly the same.

What about setting up some kind of gateway/proxy service, such that
packets get encrypted at or before the firewall, but after the net nazis
have a chance to snoop them? Say, a single box which is allowed ssh
access past the firewall, but which only accepts connections via
telnet. Internal Security or HR is responsible for that box. Log all
command lines, log all network traffic to and from that box, but you
(and your company, which should care about this IMHO if they're that
paranoid about their data) gain the benefits of encryption outside the
private net.

Not an ideal solution but then neither is requiring telnet over ssh...
--
Michael Jinks mjinksATsysvi.com ~*~ http://www.yellow5.com/pokey/
unconfirmed: the linux penguin;the bsd daemon;the sunOS brain slug