- Configuring bluecoat reporter for logging ssh update#
- Configuring bluecoat reporter for logging ssh manual#
Bitbucket engineers are actively addressing this, and there are workarounds available in the meantime. The latest release of OpenSSH - version 8.8, released on September 26th - introduced a configuration change that prevents that client from connecting to Bitbucket Cloud over SSH. After monitoring for two days, this ticket was closed because we are confident that the OpenSSH 8.8 incompatibility has been resolved. The team deployed a fix on Tuesday, Oct 19. The OpenSSH 8.8 client will function without the need for a workaround.
Configuring bluecoat reporter for logging ssh update#
As always if you have any comments or questions please feel free to contact me.Įdit Note: I want to thank Tim C: For the update and clarification on the card name and required license.Bitbucket Cloud now supports rsa-sha2-256 and rsa-sha2-512 algorithms. This technique may be able to be used on other proxies though I have not tested it on any.
Configuring bluecoat reporter for logging ssh manual#
This is a manual process and may cost more man hours then it would cost to purchase a SSL License and if need be a SSL offload card. You can also check the employee’s machine for applications that are not installed by your organization. To do this you can use tools like or even Google to search for information related to that IP. If you look at the IP addresses closely you can get an idea of what they are being used for. These connections will show as IP addresses and have the category TCP Tunnel. Now if you are an administrator of the BlueCoat you can detect people doing this slightly by reviewing the BlueCoat reporter logs. For example it is possible to configure your favorite instant messenger application such as AIM or Yahoo to make connections outbound over port 443 hence bypassing the controls put in place. Many applications that connect to the internet on certain ports can be configured to use whatever port you want. This happens for several reasons 1 st because the BlueCoat web proxy cannot analyze the https request, 2 nd the BlueCoat web proxy does not act as a application proxy and third since we are using port 443 and the proxy is configured to intercept port 443 our traffic is leaving the organization as that of the proxy hence making use of the firewall rule to allow us anywhere on the internet on that port. This allows me to circumvent both the Web Proxy and the Firewall. For example I have altered my SSH daemon at home to listen on port 443 instead of the default port of 22. For example since the BlueCoat our organization has (most schools and smaller shops don’t have this either) does not have a SSL offload card and a SSL license and port 443 is open I can take advantage of this to bypass security. Since the BlueCoat does not act as application proxy meaning it does not analyze the protocols you can use open ports to tunnel any application over. This rule basically says anyone going out as the web proxy is allowed to any destination on either port 80 or 443.
The next issue is since https is required by most companies to be able to carry out a normal work day there is most likely a firewall rule in the organization that reads as follows: source: BlueCoat Web Proxy IP -> destination: Any -> service: http and https.
Side note many sites are not as big as Google so blocking their IP range to stop you from bypassing the BlueCoat web proxy may be easier. You can use this method for any https site that does not any time redirect you to http. The other benefit of Gmail is that it will not redirect you to any http it makes sure if you choose https it will not redirect you back to http unlike Yahoo, who redirects you from https at the login to http once you get sent to your mailbox. If we go to the BlueCoat Web proxy will not see that as a mail site as the URL will be translated to an IP and the packets are encrypted. Well thanks to Gmail for worrying about its user’s security and privacy we can now bypass the BlueCoat Web Proxy. For example most likely your organization has a policy that blocks you from going to internet based email such as Gmail, Yahoo and so on. This limitation creates a security concern because it allows users to use secure protocols to bypass policies. This basically limited the ability for us to filter anything on port 443 unless we knew the IP to set in policy to block since the page was encrypted and we could not decrypt the packet to apply policy. Several months ago an organization I work for implemented BlueCoat Web Proxy but they did not purchase a SSL offload card (required for organizations of our size as a license alone would bog down the rest of the box) or a SSL License. Posted on Monday, 8th February 2010 by Michael
0 kommentar(er)
