HTTP before SSH
There USED TO BE two methods to connect to an SSH server over PageKite. One is based on IP-address tracking and timing at the front-end, the other (more reliable) uses the HTTP Proxy protocol (see SshOverPageKite).
Support for the timing-based technique is being phased out, as it is both insecure difficult to troubleshoot. For posterity, the old instructions may be seen below, but note that they will not work for much longer with the PageKite service.
OUTDATED: IP address tracking method
Note: For security reasons, this method is not recommended! Please use the HTTP Proxy method whenever possible.
The advantage of this method, is it requires no special modification or configuration of your SSH client: you simply connect to user.pagekite.me as usual.
However, in order for the connection to succeed, you must first use a web-browser to visit http://user.pagekite.me/. After visiting this page, the connection will be accessible for a couple of minutes.
The way this works, is the PageKite front-end remembers which website your IP address last connected to, and assumes that the next connection on port 22 from that same IP is destined for the same host. Clever? Scary? Both?
As a result, this method will not work reliably if you are sharing your IP address with other users or if you are accessing many different PageKite connected services at the same time. More importantly, you could even end up connecting to the wrong machine. So for security reasons, this method should be avoided and treated as a last resort. If you have no choice, please use private/public-key based access only and never ignore the security warnings from SSH. Also, never use password authentication with this method.
The Beanstalks Project ehf.
Comments