<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
<title>YBlog - ssh on port 443 with Snow Leopard</title>
<meta name="keywords" content="Apple, mac, ssh, security" />
<link rel="shortcut icon" type="image/x-icon" href="../../../../Scratch/img/favicon.ico" />
<link rel="stylesheet" type="text/css" href="../../../../css/y.css" />
<link rel="stylesheet" type="text/css" href="/css/legacy.css" />
<link rel="alternate" type="application/rss+xml" title="RSS" href="/rss.xml" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="apple-touch-icon" href="../../../../Scratch/img/about/FlatAvatar@2x.png" />
<!--[if lt IE 9]>
<script src="http://ie7-js.googlecode.com/svn/version/2.1(beta4)/IE9.js"></script>
<![endif]-->
<!-- IndieAuth -->
<link href="https://twitter.com/yogsototh" rel="me">
<link href="https://github.com/yogsototh" rel="me">
<link href="mailto:yann.esposito@gmail.com" rel="me">
<link rel="pgpkey" href="../../../../pubkey.txt">
</head>
<body lang="fr" class="article">
<div id="content">
<div id="header">
<div id="choix">
<span id="choixlang">
<a href="../../../../Scratch/en/blog/08_Configure_ssh_to_listen_the_port_443_on_Snow_Leopard/">English</a>
</span>
<span class="tomenu"><a href="#navigation">↓ Menu ↓</a></span>
<span class="flush"></span>
</div>
</div>
<div id="titre">
<h1>ssh on port 443 with Snow Leopard</h1>
</div>
<div class="flush"></div>
<div id="afterheader" class="article">
<div class="corps">
<h1 id="surfez-partout-comme-si-vous-étiez-chez-vous">Browse anywhere as if you were at home</h1>
<p>Whether to browse safely from an unsecured <sc>wifi</sc> access point or to get around evil corporate firewalls, I configured an ssh server listening on port 443 at home.</p>
<p>Then, from my laptop or my local computer, I simply have to run this wonderful command:</p>
<div>
<div class="sourceCode" id="cb1"><pre class="sourceCode zsh"><code class="sourceCode zsh"><a class="sourceLine" id="cb1-1" title="1"><span class="kw">ssh</span> -f -p 443 -ND 9050 username@host</a></code></pre></div>
</div>
<p>and a <sc>socks</sc> proxy listens on port 9050. This <sc>socks</sc> proxy forwards all local requests through the ssh tunnel. That way I can browse locally as if I were browsing from my computer at home. I can type my credit card number without fearing that the local <sc>wifi</sc> is being <em>sniffed</em>. I just have to configure my web browser to use the <sc>socks</sc> proxy on <code>localhost</code> listening on port 9050.</p>
<p>I got this information from <a href="http://dltj.org/article/ssh-as-socks-proxy/">this article</a>.</p>
<h1 id="ssh-et-snow-leopardc">Ssh and Snow Leopard(c)</h1>
<p>I have a Mac with Snow Leopard(c) at home. Editing the file <code>/etc/sshd_config</code> is not enough to change the port <code>sshd</code> listens on. The system uses <code>launchd</code> to start daemons.</p>
<p>I asked this question on <a href="http://discussions.apple.com">Apple Discussions</a> in this <a href="http://discussions.apple.com/thread.jspa?messageID=10141032">discussion thread</a>. Thanks to everyone who helped me. And the solution is:</p>
<p>Create a file <tt>/Library/LaunchDaemons/ssh-443.plist</tt> containing:</p>
<div>
<div class="sourceCode" id="cb2"><pre class="sourceCode xml"><code class="sourceCode xml"><a class="sourceLine" id="cb2-1" title="1"><span class="kw">&lt;?xml</span> version="1.0" encoding="UTF-8"<span class="kw">?&gt;</span></a>
<a class="sourceLine" id="cb2-2" title="2"><span class="dt">&lt;!DOCTYPE </span>plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"<span class="dt">&gt;</span></a>
<a class="sourceLine" id="cb2-3" title="3"><span class="kw">&lt;plist</span><span class="ot"> version=</span><span class="st">"1.0"</span><span class="kw">&gt;</span></a>
<a class="sourceLine" id="cb2-4" title="4"><span class="kw">&lt;dict&gt;</span></a>
<a class="sourceLine" id="cb2-5" title="5">    <span class="kw">&lt;key&gt;</span>Disabled<span class="kw">&lt;/key&gt;</span></a>
<a class="sourceLine" id="cb2-6" title="6">    <span class="kw">&lt;false/&gt;</span></a>
<a class="sourceLine" id="cb2-7" title="7">    <span class="kw">&lt;key&gt;</span>Label<span class="kw">&lt;/key&gt;</span></a>
<a class="sourceLine" id="cb2-8" title="8">    <span class="kw">&lt;string&gt;</span>local.sshd<span class="kw">&lt;/string&gt;</span></a>
<a class="sourceLine" id="cb2-9" title="9">    <span class="kw">&lt;key&gt;</span>Program<span class="kw">&lt;/key&gt;</span></a>
<a class="sourceLine" id="cb2-10" title="10">    <span class="kw">&lt;string&gt;</span>/usr/libexec/sshd-keygen-wrapper<span class="kw">&lt;/string&gt;</span></a>
<a class="sourceLine" id="cb2-11" title="11">    <span class="kw">&lt;key&gt;</span>ProgramArguments<span class="kw">&lt;/key&gt;</span></a>
<a class="sourceLine" id="cb2-12" title="12">    <span class="kw">&lt;array&gt;</span></a>
<a class="sourceLine" id="cb2-13" title="13">        <span class="kw">&lt;string&gt;</span>/usr/sbin/sshd<span class="kw">&lt;/string&gt;</span></a>
<a class="sourceLine" id="cb2-14" title="14">        <span class="kw">&lt;string&gt;</span>-i<span class="kw">&lt;/string&gt;</span></a>
<a class="sourceLine" id="cb2-15" title="15">    <span class="kw">&lt;/array&gt;</span></a>
<a class="sourceLine" id="cb2-16" title="16">    <span class="kw">&lt;key&gt;</span>Sockets<span class="kw">&lt;/key&gt;</span></a>
<a class="sourceLine" id="cb2-17" title="17">    <span class="kw">&lt;dict&gt;</span></a>
<a class="sourceLine" id="cb2-18" title="18">        <span class="kw">&lt;key&gt;</span>Listeners<span class="kw">&lt;/key&gt;</span></a>
<a class="sourceLine" id="cb2-19" title="19">        <span class="kw">&lt;dict&gt;</span></a>
<a class="sourceLine" id="cb2-20" title="20">            <span class="kw">&lt;key&gt;</span>SockServiceName<span class="kw">&lt;/key&gt;</span></a>
<a class="sourceLine" id="cb2-21" title="21">            <span class="kw">&lt;string&gt;</span>https<span class="kw">&lt;/string&gt;</span></a>
<a class="sourceLine" id="cb2-22" title="22">        <span class="kw">&lt;/dict&gt;</span></a>
<a class="sourceLine" id="cb2-23" title="23">    <span class="kw">&lt;/dict&gt;</span></a>
<a class="sourceLine" id="cb2-24" title="24">    <span class="kw">&lt;key&gt;</span>inetdCompatibility<span class="kw">&lt;/key&gt;</span></a>
<a class="sourceLine" id="cb2-25" title="25">    <span class="kw">&lt;dict&gt;</span></a>
<a class="sourceLine" id="cb2-26" title="26">        <span class="kw">&lt;key&gt;</span>Wait<span class="kw">&lt;/key&gt;</span></a>
<a class="sourceLine" id="cb2-27" title="27">        <span class="kw">&lt;false/&gt;</span></a>
<a class="sourceLine" id="cb2-28" title="28">    <span class="kw">&lt;/dict&gt;</span></a>
<a class="sourceLine" id="cb2-29" title="29">    <span class="kw">&lt;key&gt;</span>StandardErrorPath<span class="kw">&lt;/key&gt;</span></a>
<a class="sourceLine" id="cb2-30" title="30">    <span class="kw">&lt;string&gt;</span>/dev/null<span class="kw">&lt;/string&gt;</span></a>
<a class="sourceLine" id="cb2-31" title="31">    <span class="kw">&lt;key&gt;</span>SHAuthorizationRight<span class="kw">&lt;/key&gt;</span></a>
<a class="sourceLine" id="cb2-32" title="32">    <span class="kw">&lt;string&gt;</span>system.preferences<span class="kw">&lt;/string&gt;</span></a>
<a class="sourceLine" id="cb2-33" title="33"><span class="kw">&lt;/dict&gt;</span></a>
<a class="sourceLine" id="cb2-34" title="34"><span class="kw">&lt;/plist&gt;</span></a></code></pre></div>
</div>
<p>It is a copy of <code>/System/Library/LaunchDaemons/ssh.plist</code> with a few modifications:</p>
<ul>
<li>the <code>SockServiceName</code> became <code>https</code> instead of <code>ssh</code></li>
<li>the <code>Label</code> changed from <code>com.openssh.sshd</code> to something that did not already exist, such as <code>local.sshd</code></li>
</ul>
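<p>An added example, not part of the original post: a Python check that parses a launchd job plist and reports which port <code>sshd</code> is exposed on, which confirms the two changes listed above and helps spot extra <code>sshd</code> listeners when reviewing <code>/Library/LaunchDaemons</code>. The two sample jobs are constructed from the values on this page; the function names and the small <code>SERVICE_PORTS</code> table are assumptions of this example.</p>

```python
import plistlib

# Label of the stock job, as given on this page.
STOCK_LABEL = "com.openssh.sshd"
# Assumption of this example: a tiny service-name table instead of /etc/services.
SERVICE_PORTS = {"ssh": 22, "https": 443}


def make_job(label, service):
    """Build a constructed launchd job plist from the keys shown on this page."""
    return plistlib.dumps({
        "Disabled": False,
        "Label": label,
        "Program": "/usr/libexec/sshd-keygen-wrapper",
        "ProgramArguments": ["/usr/sbin/sshd", "-i"],
        "Sockets": {"Listeners": {"SockServiceName": service}},
        "inetdCompatibility": {"Wait": False},
    })


def sshd_listeners(plist_bytes):
    """Return (label, service, port) for every socket of a job that runs sshd."""
    job = plistlib.loads(plist_bytes)
    argv = [job.get("Program", "")] + list(job.get("ProgramArguments", []))
    if not any(arg.endswith("/sshd") for arg in argv):
        return []
    found = []
    for sock in job.get("Sockets", {}).values():
        # launchd accepts one dict or an array of dicts per socket key.
        for entry in (sock if isinstance(sock, list) else [sock]):
            name = str(entry.get("SockServiceName", ""))
            port = int(name) if name.isdigit() else SERVICE_PORTS.get(name)
            found.append((job.get("Label"), name, port))
    return found


def audit(plist_bytes):
    """List sshd listeners that are not the stock job on port 22."""
    return [f"{label}: sshd on {name} (port {port})"
            for label, name, port in sshd_listeners(plist_bytes)
            if label != STOCK_LABEL or port != 22]


PAGE_JOB = make_job("local.sshd", "https")        # the job from this page
STOCK_JOB = make_job("com.openssh.sshd", "ssh")   # the unmodified original

if __name__ == "__main__":
    print(audit(PAGE_JOB))
    print(audit(STOCK_JOB))
```

<p>To check a real file, pass <code>audit()</code> the bytes read from the plist opened in binary mode.</p>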
<p>Once again, I hope this was useful.</p>
</div>
<div id="afterarticle">
<div id="navigation">
<a href="../../../../">Home</a>
<span class="sep">¦</span>
<a href="../../../../Scratch/fr/blog">Blog</a>
<span class="sep">¦</span>
<a href="../../../../Scratch/fr/softwares">Software</a>
<span class="sep">¦</span>
<a href="../../../../Scratch/fr/about">Author</a>
</div>
<div id="totop"><a href="#header">↑ Top ↑</a></div>
<div id="bottom">
<div>
Published on 2009-09-07
</div>
<div>
<a href="https://twitter.com/yogsototh">Follow @yogsototh</a>
</div>
<div>
<a rel="license" href="http://creativecommons.org/licenses/by/3.0/deed.en_US">Yann Esposito©</a>
</div>
<div>
Done with
<a href="http://www.vim.org" target="_blank" rel="noopener noreferrer nofollow"><strike>Vim</strike></a>
<a href="http://spacemacs.org" target="_blank" rel="noopener noreferrer nofollow">spacemacs</a>
<span class="pala">&amp;</span>
<a href="http://nanoc.ws" target="_blank" rel="noopener noreferrer nofollow"><strike>nanoc</strike></a>
<a href="http://jaspervdj.be/hakyll" target="_blank" rel="noopener noreferrer nofollow">Hakyll</a>
</div>
</div>
</div>
</div>
</div>
</body>
</html>