Thanks for the response. I don't think that was the concern because
I have SSH "exposed" anyway for CLI admin of the server and there was
no concern expressed over this.
No, it was explicitly the tunnelling of the other stuff through SSH
that was apparently the concern.
What I am trying to achieve is webadmin of QTSS (normally on port
1220) and use of QTSS Publisher (normally on port 311) with only port
22 available to me. Port 80 is there but in use.
I suppose one way would be to set up another IP address and to setup
those two apps to use port 22 and 80 so the traffic will go through
the firewall but I was hoping for something a little less quirky!
Any other clues from anyone..?
On 04/01/2006, at 2:18 PM, Kevin Packard wrote:
> On Dec 31, 2005, at 2:58 AM, Chris Stephens wrote:
>> Hi folks,
>> I have recently installed a dual XServe G5 at a datacentre and
>> they won't let me (yet!) open up ports 311 and 1220 - for QTSS
>> publisher and the web interface to QTSS respectively.
>> While I was there the guys (mostly Linux guys, fwiw) rang up a
>> "friend" who warned them empahtically not to tunnel these two
>> through SSH - but without giving any reason.
>> Is this mystery person right? Is there a security risk of doing
>> that? Has anyone done this? If so, what is the best way - using
>> SSH Tunnel Manager?
>> Thanks for your help with this...
> It's possible that your "mystery friend" was concerned about
> exposing ssh directly to the public internet. IPSec is a safer
> choice, although it places an additional computational burden on
> both the broadcaster and server.
> Kevin Packard
> blackfrog software, inc.
> Do not post admin requests to the list. They will be ignored.
> Streaming-server-dev mailing list (Streaming-server-
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/streaming-server-dev/sub1% > 40elucid.org
> This email sent to sub1@eluc...