backwards zebedee or ssh

[Habermann, David (DA)]

Chuck:

I've been following the thread between you and Glenn with much interest and I agree with your most recent conclusions.  The server should be inside the firewall and should somehow be able to initiate the connection to the outside client (like VNC can do with a server-initiated connection).  Your reasoning seems quite sound.

Dave Habermann
-----------------------------------------
So your setup (similar to mine) has you (the helpdesk) outside of the
firewall, which the person who needs the help is running behind.  They are the
ones who need to run Zebedee in server mode, not only because of the way
Zebedee is set to work (where the server mode provides the connection to the
service, in this case VNC) but also because since they are behind the
firewall, it makes more sense from a security standpoint for them to want to
restrict what ports you want to allow access to (the -r parm), not you.
Correct?

So, by providing a means to reverse the connection sequence, they get to run
the server part, with the necessary restrictions on port access, inside the
firewall where they have control over it so you can't arbitrarily connect to
other random ports other than the VNC one.

Other minor changes may needed to go with this, like the client code would
essentially ignore the server hostname in the port redirection command since
it no longer needs to know that to initiate the connection.
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------