Re: Openssh, TCP Wrappers & Port Forwarding (Was: Re: TCP Wrappers)

From: Pontus Skoeld (pont_nyscss_at_soua.net)
Date: 05/08/03

    Date: 08 May 2003 11:25:55 +0200
    
    

    gary@hanley.net writes:

    > I'm trying to gateway-forward a connection from an F-Secure-SSH-2.3.1
    > client to a back-end server with the same F-Secure build thru this
    > OpenSSH box.
    >
    > On the OpenSSH box I have local port 2222 gateway-forwarded to the
    > back-end server port 22 and that works as it should: Both port
    > forwarding via 2222 to the back-end server and normal SSH via 22 to
    > this middle host works fine.
    >
    > When I try to stop the client from connecting to 2222 with TCP Wrappers
    > by defining it in the /etc/hosts.deny normal port-22 ssh is rejected,
    > however when I ssh to the forwarded port 2222 I am passed thru successfully.

    AFAIK, tcpwrappers are not used that way (I think there used to be
    some support for tcpwrapping X11-connections, but that seems gone
    now).

    You're probably best off with a packet filter such as SunScreen or ip
    filter. If you need the additional features offered by tcpwrappers,
    you should probably set up the tunnel on another port to only allow
    local connections and make a wrapper that tcpwraps the port (using
    inetd, tcpd and nc or tcpconnect or some other package that shouldn't
    be too hard)

    HTH
            /Pontus

    -- 
    Pontus Sköld, see <URL:http://soua.net/> for more information.
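
The layout suggested in the reply above, written out as an added example (not part of the original message): the tunnel listens on loopback only, and inetd, tcpd and nc front the public port so that hosts.allow and hosts.deny apply to it. Port 2223, the service name `sshfwd`, the host name, the 192.0.2.0 network, the `nobody` user and the binary paths are assumptions to adapt to the system at hand.

```conf
# --- On the gateway: run the tunnel without -g so it binds to loopback only.
#     (Command shown as a comment; port 2223 and the host name are placeholders.)
#   ssh -N -L 2223:localhost:22 user@backend.example.com

# --- /etc/services: give the public port a name inetd can refer to
sshfwd          2222/tcp

# --- /etc/inetd.conf: inetd listens on 2222 and starts tcpd, which checks
#     hosts.allow and hosts.deny, then runs nc to relay to the loopback tunnel.
#     tcpd takes the daemon name from the program name, here "nc".
sshfwd  stream  tcp  nowait  nobody  /usr/sbin/tcpd  /usr/bin/nc 127.0.0.1 2223

# --- /etc/hosts.allow: clients permitted to use the forwarded port
nc : 192.0.2.0/255.255.255.0

# --- /etc/hosts.deny: everyone else is refused on that service
nc : ALL
```

The loopback listener on 2223 is not covered by these rules, so local users on the gateway can still reach it directly.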
    
