Outgoing SSH connection behind a firewall

From: Augustus SFX van Dusen (ASFXvD_at_story.net)
Date: 12/01/04
Date: Wed, 01 Dec 2004 21:55:01 GMT

        I am trying to establish an outgoing SSH connection, from a box A that
lives behind a firewall. The firewall is in another box B that has two
NICs. NIC N1 has IP address I1, and corresponds to my internal LAN. NIC N2
has IP address I2, and is connected to a hardware router R, which exposes
an IP address I3 to the internet. That is, I3 is my externally visible IP
address.

        A has internet access by IP masquerading via B. Thus, if I understand
things correctly, packets generated in A for a box C somewhere in the
internet are first sent to B, which manipulates them so that when they get
to C they are coming from IP address I3 - no reference remains of whatever
IP address A has in my LAN, of course. The returning packets are forwarded
by B to A appropriately.

        What I would like is to be able to start SSH connections from A to C,
so that I do not have to type my password for every new connection.
Usually this can be done by generating a private/public key pair in A with
ssh-keygen, copying the public key to the appropriate location in C, and
adding my unlock password by means of ssh-add once at the beginning of my
session. From that point onwards I should be able to ssh from A to C
without typing any passwords, at least as long as my session stays up.

        Well, this does not work in the setup described above. I believe this is
because, when generating in A the file that contains the public key,
ssh-keygen uses local naming information for A - which is not what is
arriving at C, which just receives packet information from the external
IP address I3.

        Can anybody suggest a way around this? I can still establish an SSH
connection from A to C, but I am prompted for a password every time -
which is what I want to avoid.
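The following pre-flight checks are an added example, not code from the original post: they cover the usual reasons a key-based login like the one described above silently falls back to a password prompt. They rest on how sshd actually decides: it verifies a signature made with A's private key, ignores the "user@host" comment that ssh-keygen appends to the public key, and does not look at which address B masquerades A's packets to, so the NAT in between is not the cause. The ~/.ssh paths, the sample key line and the host name C are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Pre-flight checks for
# the key-based login described above. They rest on how sshd works: it
# verifies a signature made with A's private key, ignores the "user@host"
# comment ssh-keygen appends to the public key, and does not care which
# address B masquerades A's packets to (unless the authorized_keys line
# carries an explicit from="..." option). The checks below cover the usual
# reasons a key login silently falls back to a password prompt.
# Assumed: a ~/.ssh directory path and the remote host name "C".

# 1. A public-key line must read "<type> <base64> [comment]"; anything
#    else (a pasted private key, a wrapped line) is skipped by sshd.
check_pubkey_line() {
    set -- $1
    case "$1" in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    printf '%s' "$2" | grep -Eq '^[A-Za-z0-9+/]+=*$'
}

# 2. With StrictModes (the default) sshd rejects authorized_keys when the
#    file, ~/.ssh or the home directory is group- or world-writable.
#    Returns 0 when the path is safe, 1 otherwise (POSIX find, no GNU stat).
check_not_shared_writable() {
    [ -e "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# 3. On A: is the private key loaded? ssh-add -l exits 0 when identities
#    are present, 1 when the agent has none, 2 when no agent is reachable.
agent_has_identity() {
    ssh-add -l >/dev/null 2>&1
}

# Run checks 1 and 2 on a .ssh directory and (optionally) a public-key file.
preflight() {
    dir=$1; pub=$2; ok=0
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        check_not_shared_writable "$p" || { echo "bad mode: $p"; ok=1; }
    done
    if [ -n "$pub" ]; then
        check_pubkey_line "$(head -n 1 "$pub")" || { echo "malformed: $pub"; ok=1; }
    fi
    return $ok
}
# Final end-to-end test from A, which fails fast instead of prompting:
#   ssh -v -o PasswordAuthentication=no user@C
```

Run `preflight ~/.ssh` on C (where authorized_keys lives) and `preflight ~/.ssh ~/.ssh/id_rsa.pub` plus `agent_has_identity` on A; the `ssh -v` run then shows in its output which authentication method C accepted or refused.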