Success

Tue 25 September 2007
By mute

It's nothing special, but it works here. I'm actually writing this from work! It's much slower than normal browsing. Could be a few things. My server might be slow (yah it prob is, it's cheap!) and every little HTTP connection turns into an encrypted HTTPS tunnel with key exchanges and encryption for the smallest of files... That's where I'd assume most of the overhead is. A single connection which stays open and tunnels traffic may do better -- PuTTY/ssh does that very nicely. But do I want to run SSH which is encrypted (but optionally compressed!) underneath an SSL tunnel? Twice encrypted, that takes some CPU cycles, but I believe keeping 1 connection and not having to do the handshakes every time, plus a bit of compression...

Workstation -> stunnel client -> Firewall -> stunnel server -> tinyproxy -> sshd

Wow. It's so easy if it's just ssh, cut out stunnel and tinyproxy. Why does SSH have to not work over this dern proxy? I wish they had used a protocol which looked more like a real HTTPS connection. I already use it on port 443 on my secondary IP for such occasions! :) I seriously think it's just because the server talks first... I could hack PuTTY (sources are available) and my sshd, but what'd that really help me achieve? SPEED! Incompatibilities... :D
