[Rabbit-dev] SSH tunnel

Samat K Jain lists at samat.org
Thu Feb 16 01:38:36 CET 2012 

Putting this thread back on the list…

On Monday, February 13, 2012 05:35:07 AM Rick Leir wrote:
> > Since you already have a testbed setup, how about testing RabbIT over
> > an SSH tunnel?
> As it stands, RabbIT passes SSH though with no change.  It does not do
> any sort of MITM insertion, so it cannot compress the images and html.
> Maybe that is a possible future feature, but it raises a few questions
> for the user such as 'can I trust the RabbIT site admin?' or 'is this
> proxy really a RabbIT proxy or is it the black-hat at the back table'.
> If the user checks the cert then she will see a RabbIT cert, and not the
> origin server's cert.

I think you're confusing SSH and SSL? I otherwise have no idea what 
you're talking about—running RabbIT through SSH does not modify traffic 
and requires no support on the part of RabbIT.

> > While not really RabbIT-specific I've always wondered how much slower
> > tunneling HTTP over SSH is. A lot of people use HTTP proxies over SSH
> > links these days (public Wi-Fi and all that) and I don't think I've
> > ever seen a benchmark. SSH tunneling is notorious for being slow.
> >
> I would be happy to add a test for SSH tunneling. What are the commands
> you would use to set up a tunnel?

If you have RabbIT running on port 9666 at example.com, use:

   ssh -L 9666:localhost:9666 example.com

After you connect, configure your Web browser to connect to localhost:9666.

The alternative is having RabbIT available to the Internet on example.com—
which is bad idea (anyone could use your proxy, and if password 
protected trivially sniff your username/password for the proxy). I am 
sure (or hope) the majority of RabbIT users tunnel over SSH but I'm 
unaware of any benchmarks testing how much slower this is (SSH tunnels 
are notorious for being slow).

Other than a more complex VPN setup how do other RabbIT users connect to 
their RabbIT instances?

-- 
Samat K Jain <http://samat.org/> ▪ GPG: 0x4A456FBA

Three can keep a secret, if two of them are dead.
— Benjamin Franklin (238)

This e-mail is: [ ] bloggable [x] ask first [ ] private

More information about the Rabbit-dev mailing list