<div class="gmail_quote">On Wed, Dec 16, 2009 at 11:49, Dagobert Michelsen <span dir="ltr"><<a href="mailto:dam@opencsw.org">dam@opencsw.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi Rupert,<br>
<br>
Am 16.12.2009 um 08:45 schrieb rupert THURNER:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Tue, Dec 15, 2009 at 18:24, Ben Walton <<a href="mailto:bwalton@opencsw.org" target="_blank">bwalton@opencsw.org</a>> wrote:<br>
Excerpts from rupert THURNER's message of Tue Dec 15 11:51:50 -0500 2009:<br>
> from work? no, nothing but http/s. but i will ask them if i get an exception<br>
> for ssh to opencsw.<br>
<br>
the firewall policies allow certain things, and forbid others, besides the technical restrictions in place. either there is a technically clean possibility in line with the rules (like Sun SGD), or i have to go through the paper process for getting a permission for "ssh login.opencsw".<br>
<br>
but i do not want to break their rules even if technically possible (e.g. pierce the firewall by tunneling ssh through 443). if i do not like the rules any more it is time to look for another job i guess :)<br>
</blockquote>
<br>
Fortunately setting up SGD is quite easy. If you want you can try<br>
logging in with accessing<br>
<a href="https://login.opencsw.org" target="_blank">https://login.opencsw.org</a><br>
(http is redirected). As it is not an official certificate you must<br>
accept the root cert and add it to your keystore once.<br>
<br></blockquote></div><br>uuh .. that reminds me that we have another restriction in place: there is a list of trusted ca's. we use a software called "webwasher" which breaks up https connections at the firewall - and blocks everything which is not on this list.<br>
<br>but, we convinced the security people to accept <a href="http://cacert.org/">http://cacert.org/</a> certs to have a free alternative as well - besides the usual suspects thawte, etc.<br><br>rupert.<br><br>