Re: Firewall problem with OpenSSH?

From: Cab (me_at_privacy.net)
Date: 07/02/04


Date: Fri, 2 Jul 2004 09:19:20 +0200

Darren Tucker bored us all completely to death with wittery prose along
the lines of:

> In article <xn0dk556l21wn0000@164.152.152.22>, Cab <me@privacy.net>
> wrote:
> > My company blocks port 22 by default, so I've redirected port 21 on
> > my ADSL modem/router to port 22 on my Linux box at home.
>
> Firstly: if your employer blocks the port then what you're doing may
> be against the company's policy and might get you into trouble.

<G> You're probably right. I think it's more to batten down the hatches
against users that aren't really computer savvy. Why 22 was blocked I
don't know, as I know that they've left a lot of other ports open (like
for P2P apps, etc.), so it doesn't make sense to me.

> Secondly: port 21 is a particularly bad choice for this: it's FTP
> and the FTP protocol is particularly hostile to NAT; as a result many
> NAT/firewall implementations mess with the content of connections on
> port 21 (eg "protocol helpers"), doing things that they don't normally
> do. Any changes to the data on an SSH connection will almost certainly
> cause it to be terminated.

Ah yes? I'd chosen 21, as I don't host an ftp server at home, so the
port was going spare so to speak.

> This bit from the debug output is a good indicator that this is what
> is happening:
> > debug2: bits set: 500/1024
> > hash mismatch
>
> Use another port (443 is commonly used, but pretty much any other port
> is much less likely to cause problems).

I'll give that a crack. Ta.

-- 
Cab
email addy : cab_at_ukrm_dot_org
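The failure Darren describes above (a NAT "protocol helper" on port 21 rewriting bytes in transit, the client then logging `hash mismatch`) can be modelled in a few lines. The following is an added Python example, not code from this thread or from OpenSSH: it computes a simplified RFC 4253 exchange hash H over the handshake transcript each side saw, with SHA-256 standing in for the real hash, constructed version strings, KEXINIT payloads and toy DH values, and a hypothetical `ftp_alg` function that rewrites dotted-quad addresses the way a real FTP helper rewrites them in PORT/PASV traffic. Because the server signs its H and the client checks that signature against its own H, any byte the middlebox changed makes the two hashes differ and the client aborts; on a port the helper ignores (443 in the advice above), the transcripts match.

```python
import hashlib
import re


def ssh_string(b: bytes) -> bytes:
    # RFC 4251 'string': 4-byte big-endian length followed by the bytes.
    return len(b).to_bytes(4, "big") + b


def ssh_mpint(n: int) -> bytes:
    # Simplified positive-only mpint: length-prefixed big-endian bytes.
    return ssh_string(n.to_bytes((n.bit_length() + 7) // 8 or 1, "big"))


def exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k) -> bytes:
    """Simplified RFC 4253 exchange hash
    H = HASH(V_C || V_S || I_C || I_S || K_S || e || f || K).
    The group-exchange variant behind the thread's debug output also
    hashes the negotiated group; the transcript-binding property shown
    here is the same. SHA-256 is used for brevity (assumption)."""
    h = hashlib.sha256()
    for s in (v_c, v_s, i_c, i_s, k_s):
        h.update(ssh_string(s))
    for n in (e, f, k):
        h.update(ssh_mpint(n))
    return h.digest()


_DOTTED_QUAD = re.compile(rb"\d{1,3}(?:\.\d{1,3}){3}")


def ftp_alg(payload: bytes) -> bytes:
    """Constructed stand-in for a NAT 'FTP protocol helper' on port 21:
    it rewrites any dotted-quad address it spots, as a real helper does
    inside PORT commands and PASV replies. Applied to non-FTP traffic
    this is simply silent corruption of the byte stream."""
    return _DOTTED_QUAD.sub(b"203.0.113.9", payload)


def run_handshake(middlebox=None):
    """Toy SSH key-exchange transcript. `middlebox`, if given, is applied
    to the client's KEXINIT on its way to the server. Returns the exchange
    hash each side computes over the transcript *it* saw."""
    v_c = b"SSH-2.0-OpenSSH_3.8p1"   # constructed version strings
    v_s = b"SSH-2.0-OpenSSH_3.8p1"
    # Constructed KEXINIT payloads; the client's happens to carry bytes
    # that look like an IPv4 address, which the helper will rewrite.
    i_c = b"kexinit:kex=diffie-hellman-group-exchange-sha1;client=192.168.1.10"
    i_s = b"kexinit:kex=diffie-hellman-group-exchange-sha1"
    k_s = b"ssh-rsa:constructed-host-key-blob"
    e, f, k = 0x1234, 0x5678, 0x9ABC   # toy DH values, not a real group
    i_c_at_server = middlebox(i_c) if middlebox else i_c
    h_client = exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k)
    h_server = exchange_hash(v_c, v_s, i_c_at_server, i_s, k_s, e, f, k)
    return h_client, h_server


def handshake_ok(middlebox=None) -> bool:
    """The server signs its H with the host key and the client verifies
    that signature against its own H; a differing H fails verification
    and the client aborts. The signature step collapses here to an
    equality check on the two hashes."""
    h_client, h_server = run_handshake(middlebox)
    return h_client == h_server


if __name__ == "__main__":
    print("clean path (e.g. port 443):",
          "OK" if handshake_ok() else "hash mismatch")
    print("through FTP helper on 21  :",
          "OK" if handshake_ok(ftp_alg) else "hash mismatch")
```

The point the model makes is that SSH does not need to detect a helper by name: the key exchange binds every handshake byte into H, so the helper's edit is indistinguishable from tampering and the connection is dropped rather than continued over altered data. Moving sshd to a port the NAT does not inspect removes the helper from the path; it does not weaken anything the check protects.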
