Putting this thread back on the list?
Post by Samat K JainSince you already have a testbed setup, how about testing RabbIT over
an SSH tunnel?
As it stands, RabbIT passes SSH though with no change. It does not do
any sort of MITM insertion, so it cannot compress the images and html.
Maybe that is a possible future feature, but it raises a few questions
for the user such as 'can I trust the RabbIT site admin?' or 'is this
proxy really a RabbIT proxy or is it the black-hat at the back table'.
If the user checks the cert then she will see a RabbIT cert, and not the
origin server's cert.
I think you're confusing SSH and SSL? I otherwise have no idea what
you're talking about?running RabbIT through SSH does not modify traffic
and requires no support on the part of RabbIT.
Post by Samat K JainWhile not really RabbIT-specific I've always wondered how much slower
tunneling HTTP over SSH is. A lot of people use HTTP proxies over SSH
links these days (public Wi-Fi and all that) and I don't think I've
ever seen a benchmark. SSH tunneling is notorious for being slow.
I would be happy to add a test for SSH tunneling. What are the commands
you would use to set up a tunnel?
If you have RabbIT running on port 9666 at example.com, use:
ssh -L 9666:localhost:9666 example.com
After you connect, configure your Web browser to connect to localhost:9666.
The alternative is having RabbIT available to the Internet on example.com?
which is bad idea (anyone could use your proxy, and if password
protected trivially sniff your username/password for the proxy). I am
sure (or hope) the majority of RabbIT users tunnel over SSH but I'm
unaware of any benchmarks testing how much slower this is (SSH tunnels
are notorious for being slow).
Other than a more complex VPN setup how do other RabbIT users connect to
their RabbIT instances?
--
Samat K Jain <http://samat.org/> ? GPG: 0x4A456FBA
Three can keep a secret, if two of them are dead.
? Benjamin Franklin (238)
This e-mail is: [ ] bloggable [x] ask first [ ] private