Re: [leaf-user] scp?

[Robert K Coffman Jr. -Info From Data Corp.]

 I've got SFTP set up to fall back into SCP.

Doug,

I hardcode this to SCP for Leaf.  Also disable Lookup user groups 
under Environment - SCP/Shell.

- Bob Coffman

--
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] scp?

[Doug Sampson]

 I hardcode this to SCP for Leaf.  Also disable Lookup user groups
 under Environment - SCP/Shell.

How do you hardcode this?

~Doug
 


--
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] scp?

[Doug Sampson]

  I hardcode this to SCP for Leaf.  Also disable Lookup user groups
  under Environment - SCP/Shell.
 
 How do you hardcode this?
 

firewall# find / | grep scp
/sys/module/x_tables/holders/xt_dscp
/sys/module/xt_dscp
/sys/module/xt_dscp/holders
/sys/module/xt_dscp/initstate
/sys/module/xt_dscp/refcnt
/sys/module/xt_dscp/sections
/sys/module/xt_dscp/sections/.note.gnu.build-id
/sys/module/xt_dscp/sections/.text
/sys/module/xt_dscp/sections/.exit.text
/sys/module/xt_dscp/sections/.init.text
/sys/module/xt_dscp/sections/.rodata.str1.4
/sys/module/xt_dscp/sections/.data..read_mostly
/sys/module/xt_dscp/sections/.gnu.linkonce.this_module
/sys/module/xt_dscp/sections/.symtab
/sys/module/xt_dscp/sections/.strtab
/sys/module/xt_dscp/notes
/sys/module/xt_dscp/notes/.note.gnu.build-id
/usr/bin/scp
/lib/modules/xt_dscp.ko
/lib/xtables/libxt_dscp.so

firewall# ll /usr/bin | grep scp
lrwxrwxrwx1 root root21 Nov 15 17:39 scp - 
../sbin/dropbearmulti

firewall# ../sbin/dropbearmulti
Dropbear multi-purpose version 2012.55
Make a symlink pointing at this binary with one of the following names:
'dropbear' - the Dropbear server
'dropbearkey' - the key generator
'scp' - secure copy

firewall#

Does Leaf have its own SCP command? If so, what/where is it?

~Doug

--
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] scp?

[Doug Sampson]

   I hardcode this to SCP for Leaf.  Also disable Lookup user groups
   under Environment - SCP/Shell.
 
  How do you hardcode this?
 
 
 firewall# find / | grep scp
 /sys/module/x_tables/holders/xt_dscp
 /sys/module/xt_dscp
 /sys/module/xt_dscp/holders
 /sys/module/xt_dscp/initstate
 /sys/module/xt_dscp/refcnt
 /sys/module/xt_dscp/sections
 /sys/module/xt_dscp/sections/.note.gnu.build-id
 /sys/module/xt_dscp/sections/.text
 /sys/module/xt_dscp/sections/.exit.text
 /sys/module/xt_dscp/sections/.init.text
 /sys/module/xt_dscp/sections/.rodata.str1.4
 /sys/module/xt_dscp/sections/.data..read_mostly
 /sys/module/xt_dscp/sections/.gnu.linkonce.this_module
 /sys/module/xt_dscp/sections/.symtab
 /sys/module/xt_dscp/sections/.strtab
 /sys/module/xt_dscp/notes
 /sys/module/xt_dscp/notes/.note.gnu.build-id
 /usr/bin/scp
 /lib/modules/xt_dscp.ko
 /lib/xtables/libxt_dscp.so
 
 firewall# ll /usr/bin | grep scp
 lrwxrwxrwx1 root root21 Nov 15 17:39 scp -
 ../sbin/dropbearmulti
 
 firewall# ../sbin/dropbearmulti
 Dropbear multi-purpose version 2012.55
 Make a symlink pointing at this binary with one of the following names:
 'dropbear' - the Dropbear server
 'dropbearkey' - the key generator
 'scp' - secure copy
 
 firewall#
 
 Does Leaf have its own SCP command? If so, what/where is it?
 

I seem to have misconfigured the WinSCP setup for the scp connection to the BuC 
firewall. The scp connection is working fine now. I just had to choose to 
establish a SCP connection instead of a SFTP connection with fallback to SCP. 
Egads.

I also had to make sure that the shell points to /bin/sh as well.

~Doug

--
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] scp?

[Doug Sampson]

Running version 4.3.1. of BuC. Apparently I cannot scp into the firewall. 
/var/log/auth.log reports successful login but then my WinSCP app hangs and 
times out.

I've got SFTP set up to fall back into SCP. Both SFTP server and SCP shell is 
set to /bin/sh.

This WinSCP configuration worked with older version of 3.x. Is there a tweak I 
need to implement for version 4.3.x?

Should I consider a different SCP app for Windows?

~Doug

--
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] scp?

[Erich Titl]

Hi Doug

on 16.11.2012 03:13, Doug Sampson wrote:
 Running version 4.3.1. of BuC. Apparently I cannot scp into the firewall. 
 /var/log/auth.log reports successful login but then my WinSCP app hangs and 
 times out.
 
 I've got SFTP set up to fall back into SCP. Both SFTP server and SCP shell is 
 set to /bin/sh.
 
 This WinSCP configuration worked with older version of 3.x. Is there a tweak 
 I need to implement for version 4.3.x?

I was successful with it on 4.3, but I always use the OpenSSH
implementation.

 
 Should I consider a different SCP app for Windows?

Unless you succeed with scp on *X, I wouldn't.I suspect it to be a
problem on the server side.

cheers

Erich





smime.p7s
Description: S/MIME Kryptografische Unterschrift
--
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] SCP/SFTP

[Doug Sampson]

I'm building a stock Bering uClibc 2.3.1 router and am trying to connect
using WinSCP 3.7.6 from the internal network. I keep getting a time-out.
Error message says Server refused to start a shell/command. I can
successfully access using ssh. What do I need to get a shell running on
Bering? I would like to copy files to/from Bering.

~Doug

___
«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»
¯¯¯
 Doug Sampson
 Information Technology
 Dawn Sign Press
 dougs (at) dawnsign dot com
___
«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»
¯¯¯


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] SCP/SFTP

[Doug Sampson]

Oh, and I should add that I am using dropbear.

~Doug

 
 I'm building a stock Bering uClibc 2.3.1 router and am trying 
 to connect
 using WinSCP 3.7.6 from the internal network. I keep getting 
 a time-out.
 Error message says Server refused to start a shell/command. I can
 successfully access using ssh. What do I need to get a shell 
 running on
 Bering? I would like to copy files to/from Bering.
 
 ~Doug
 
 ___
 «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»
 ¯¯¯
  Doug Sampson
  Information Technology
  Dawn Sign Press
  dougs (at) dawnsign dot com
 ___
 «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»
 ¯¯¯
 
 
 ---
 This SF.net email is sponsored by: Splunk Inc. Do you grep 
 through log files
 for problems?  Stop!  Download the new AJAX search engine that makes
 searching your log files as easy as surfing the  web.  
 DOWNLOAD SPLUNK!
 http://ads.osdn.com/?ad_idv37alloc_id865op=click
 --
 --
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/
 


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] SCP/SFTP

[Victor McAllister]

Doug Sampson wrote:


Oh, and I should add that I am using dropbear.

~Doug

 

I'm building a stock Bering uClibc 2.3.1 router and am trying 
to connect
using WinSCP 3.7.6 from the internal network. I keep getting 
a time-out.

Error message says Server refused to start a shell/command. I can
successfully access using ssh. What do I need to get a shell 
running on

Bering? I would like to copy files to/from Bering.

~Doug

Did you configure winscp to use a shell.  Folow the instructions here in 
winscp.


http://sourceforge.net/mailarchive/message.php?msg_id=9995360



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] scp broken in bering-uclib 2.2.0_b4?

[Frank Dauer]

Martin wrote:

 Please let me know if that one works for you.

Thank you very much for this, now scp works fine!

Bye,

Frank


---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] scp broken in bering-uclib 2.2.0_b4?

[Frank Dauer]

Hello!

When I want to scp something, my system states that it
can not find the binary:

Emerald:~ scp .profile.off [EMAIL PROTECTED]:/tmp/
/usr/local/bin/ssh: No such file or directory
lost connection
Emerald:~

I have:

ssh 3.7.1p1 Rev 4  OpenSSH ssh client.

from the packages download page.

Is this a already known problem?

Bye,

Frank


---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] scp broken in bering-uclib 2.2.0_b4?

[Ben Wang]

I experienced the same problem, the binary is actually there but in 
/usr/bin just do a symlink to it and backup local.lrp.

It worked for me :)
Ben
Frank Dauer wrote:
Hello!
When I want to scp something, my system states that it
can not find the binary:
Emerald:~ scp .profile.off [EMAIL PROTECTED]:/tmp/
/usr/local/bin/ssh: No such file or directory
lost connection
Emerald:~
I have:
ssh 3.7.1p1 Rev 4  OpenSSH ssh client.
from the packages download page.
Is this a already known problem?
Bye,
Frank
---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

 


---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] scp broken in bering-uclib 2.2.0_b4?

[Martin Hejl]

Frank Dauer wrote:
Hello!
When I want to scp something, my system states that it
can not find the binary:
Emerald:~ scp .profile.off [EMAIL PROTECTED]:/tmp/
/usr/local/bin/ssh: No such file or directory
lost connection
Emerald:~
I have:
ssh 3.7.1p1 Rev 4  OpenSSH ssh client.
from the packages download page.
Is this a already known problem?
You are right - it's broken. And you are also right - it was a known 
issue, but for some reason, the fixed package never made it into cvs (I 
probably just forgot about it). Sorry about that.

A fixed version is on it's way to CVS (it takes around a day to show up) 
and from there to the packages page, in the mean time you can download 
the updated package from http://lrp.hejl.de/devel/sshd.lrp

Please let me know if that one works for you.
Martin

---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] SCP

[Roger E McClurg]

I'm using Bering 1.2 with SSH (OpenSSH_3.5p1,) and SSHD. Problem is that 
SCP is missing. Does anyone know what happened to SCP in the SSH package? 

Roger



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] SCP

[Erich Titl]

Roger

At 09:03 07.04.2004 -0400, Roger E McClurg wrote:
I'm using Bering 1.2 with SSH (OpenSSH_3.5p1,) and SSHD. Problem is that 
SCP is missing. Does anyone know what happened to SCP in the SSH package? 

For some unknown reason scp is in sshd.lrp

cheers
Erich

THINK 
Püntenstrasse 39 
8143 Stallikon 
mailto:[EMAIL PROTECTED] 
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70alloc_id638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] SCP

[Roger E McClurg]

Erich,

I found the answer. It is not in sshd 3.5p1 but it is in sshd 3.7.1p2. 
Thanks for the help.

Roger






Erich Titl erich.titl
@think.ch
04/07/2004 10:41 AM
 
To: Roger E McClurg/CEG/[EMAIL PROTECTED], 
[EMAIL PROTECTED]
cc: 
Subject:Re: [leaf-user] SCP


Roger

At 09:03 07.04.2004 -0400, Roger E McClurg wrote:
I'm using Bering 1.2 with SSH (OpenSSH_3.5p1,) and SSHD. Problem is that 
SCP is missing. Does anyone know what happened to SCP in the SSH package? 


For some unknown reason scp is in sshd.lrp

cheers
Erich

THINK 
Püntenstrasse 39 
8143 Stallikon 
mailto:[EMAIL PROTECTED] 
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16






---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70alloc_id638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] scp for Bering-uClib

[Eric House]

Dropbear, which I otherwise love, doesn't include scp.  The dropbear
docs suggest that scp from the ssh package can be used, but while the
scp on my Debian system is plenty small it of course links in a half
dozen libraries, including libc, that aren't present on Bering-uClib.

Before I try to figure out how to build scp for Bering-uClib, does
anybody have a .lrp to share?  Or know of plans to include one anytime
soon?

Thanks,

--Eric House
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] scp for Bering-uClib

[K.-P. Kirchdörfer]

Am Montag, 8. Dezember 2003 17:09 schrieb Eric House:
 Dropbear, which I otherwise love, doesn't include scp.  The dropbear
 docs suggest that scp from the ssh package can be used, but while the
 scp on my Debian system is plenty small it of course links in a half
 dozen libraries, including libc, that aren't present on Bering-uClib.

 Before I try to figure out how to build scp for Bering-uClib, does
 anybody have a .lrp to share?  Or know of plans to include one anytime
 soon?

Eric; 
There is no extra lrp yet, but you'll find scp in sshd.lrp. 
It requires libz and libcrpto.lrp; I guess too much for a floppy.

kp



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] scp for bering package backup

[Erich Titl]

Hi everybody

I hacked the Bering backup scripts so that they allow a backup custom 
destination of 'scp'. This makes the backup go to /tmp and then 
subsequently to the host/directory as specified in a few additional entries 
in /etc/lrp.conf.

The following files are affected:

/usr/sbin/lrcfg.back
/usr/sbin/lrcfg.back.script
/etc/lrp.conf

You can find these in my CVS tree at 
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/etitl/bering/ It 
reflects partially the directory structure of a Bering LEAF router.

These changes are based on my 1.0_rc3 installation, I don't know if Jacques 
made changes here to the stable Version but the modifications should be 
pretty easy to port.

Barf if there is anything unclear, else have fun

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16



---
This SF.net email is sponsored by: Get the new Palm Tungsten T
handheld. Power  Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [Leaf-user] SCP _through_ Bering firewall disk problem

[Ray Olszewski]

Rick -- I read theough all 3 messages you posted, and from what you write
there, scp *should* work. Whatever the problem, I'd doubtful that it related
to Bering, since to it, there is no visible difference between an ssh and an
scp connection going through it. So ... 

I noticed that the one thing missing from your reports is a description of
what the actual failures looked like. What errors does scp report at the
originating end? Ar ethe errors different on the Sun-Sid system and on the
Win2K-CygWin system? Are there any relevant entries in the Bering-dmz
system's logs?

Also ... what sort of authentication are ssh and scp using on the dmz
system? I'm used to using it (and scp) with userid/password authentication.
If your Bering-dmz system uses, say, RSA authentication, there may be scp
issues I'm not thinking of. (What issues? Beats me; if I knew, it wouldn't
be something I'm not thinking of.)

Third, just to be clear ... the successful ssh connections to the Bering-dmz
Debian-Sid system from the Sun-Sid system and the unsuccessful scp
connections between them do use the same userid, right? Same question for
connections from the CygWin system. And the scp connections don't involve
directories/files where there might be permissions problems with reading or
writing (whichever way you are testing)?


At 10:14 PM 4/14/02 -0700, Jeff Newmiller wrote:
On Fri, 12 Apr 2002, Rick Price wrote:

 I'm having trouble getting scp to work through a Bering firewall (it
 hangs).
 
 I have no trouble whatsoever with ssh.
 
 I have only tried to scp things from the outside into a machine in the
 dmz, and from the internal network into the dmz. No other incoming
 connections are allowed.
 
 I tried removing the ssh entries for TOS, but that did not seem to fix
 things.
 
 A friend had it work once with no problems from freeshell.org. But it now
 seems broken.
 
 I have used scp a lot before with no problems (but not with Bering). So
 far I have tried it from Debian Testing and OpenSSH on Solaris 8.
 
 My Bering firewall is configured to allow everything out from the internal
 network (both external network, and into dmz).
 
 Allow one port (tcp 1966) into the dmz from the Internet to port 22 on a
 machine inside.
 
 The outside network and the dmz are not allowed into the internal network.
 
 The dmz is allowed out.
 
 Does anyone else have these problems, or am I missing something?

I don't use scp from outside a firewall... but scp passes through a single
ssh tunnel, so if ssh works, the networking portion of scp should work,
and Bering should have absolutely nothing to do with it.

I would review the names for your hosts... each endpoint should be able to
identify the other.  To eliminate name resolution from the picture for
troubleshooting, use ip addresses in your file-specifications.

Also, confirm that scp is installed and working on each end.  Try ssh'ing
to the other end, and scp'ing from there. Also try the -v option.

---
Jeff NewmillerThe .   .  Go Live...
DCN:[EMAIL PROTECTED]Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user


--
Never tell me the odds!---
Ray Olszewski-- Han Solo
Palo Alto, CA[EMAIL PROTECTED]



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] SCP _through_ Bering firewall disk problem

[Rick Price]

I use password authentication.

Everything is the same except that I use scp instead of ssh.

scp just hangs, I used the -v option and it gave me no errors. I've had
essentially the same problem across all the systems.

I didn't let it sit there that long, so I didn't wait long enough for
timeout errors.

I think there is actually one difference between ssh and scp, scp sets the
TOS flag differently (or so I have read). Bering seems to let you set TOS
flags based on where the traffic is going, I did disable the flags for
SSH, but to no avail.

I've read that there was a bug in kernels less that 2.4.2 where scp was
derailed by the TOS code not properly computing a checksum when it changed
the TOS type of packets going through.

But I have not checked to see what kernel Bering uses.

I've done scp lots of times through firewalls before and so I find it
really puzzling.

I just put a DNS server in the DMZ, so maybe I will give it another spin.

Rick

On Mon, 15 Apr 2002, Ray Olszewski wrote:

 Rick -- I read theough all 3 messages you posted, and from what you write
 there, scp *should* work. Whatever the problem, I'd doubtful that it related
 to Bering, since to it, there is no visible difference between an ssh and an
 scp connection going through it. So ...

 I noticed that the one thing missing from your reports is a description of
 what the actual failures looked like. What errors does scp report at the
 originating end? Ar ethe errors different on the Sun-Sid system and on the
 Win2K-CygWin system? Are there any relevant entries in the Bering-dmz
 system's logs?

 Also ... what sort of authentication are ssh and scp using on the dmz
 system? I'm used to using it (and scp) with userid/password authentication.
 If your Bering-dmz system uses, say, RSA authentication, there may be scp
 issues I'm not thinking of. (What issues? Beats me; if I knew, it wouldn't
 be something I'm not thinking of.)

 Third, just to be clear ... the successful ssh connections to the Bering-dmz
 Debian-Sid system from the Sun-Sid system and the unsuccessful scp
 connections between them do use the same userid, right? Same question for
 connections from the CygWin system. And the scp connections don't involve
 directories/files where there might be permissions problems with reading or
 writing (whichever way you are testing)?


 At 10:14 PM 4/14/02 -0700, Jeff Newmiller wrote:
 On Fri, 12 Apr 2002, Rick Price wrote:
 
  I'm having trouble getting scp to work through a Bering firewall (it
  hangs).
 
  I have no trouble whatsoever with ssh.
 
  I have only tried to scp things from the outside into a machine in the
  dmz, and from the internal network into the dmz. No other incoming
  connections are allowed.
 
  I tried removing the ssh entries for TOS, but that did not seem to fix
  things.
 
  A friend had it work once with no problems from freeshell.org. But it now
  seems broken.
 
  I have used scp a lot before with no problems (but not with Bering). So
  far I have tried it from Debian Testing and OpenSSH on Solaris 8.
 
  My Bering firewall is configured to allow everything out from the internal
  network (both external network, and into dmz).
 
  Allow one port (tcp 1966) into the dmz from the Internet to port 22 on a
  machine inside.
 
  The outside network and the dmz are not allowed into the internal network.
 
  The dmz is allowed out.
 
  Does anyone else have these problems, or am I missing something?
 
 I don't use scp from outside a firewall... but scp passes through a single
 ssh tunnel, so if ssh works, the networking portion of scp should work,
 and Bering should have absolutely nothing to do with it.
 
 I would review the names for your hosts... each endpoint should be able to
 identify the other.  To eliminate name resolution from the picture for
 troubleshooting, use ip addresses in your file-specifications.
 
 Also, confirm that scp is installed and working on each end.  Try ssh'ing
 to the other end, and scp'ing from there. Also try the -v option.
 
 ---
 Jeff NewmillerThe .   .  Go Live...
 DCN:[EMAIL PROTECTED]Basics: ##.#.   ##.#.  Live Go...
   Live:   OO#.. Dead: OO#..  Playing
 Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
 /Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
 ---
 
 
 ___
 Leaf-user mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 

 --
 Never tell me the odds!---
 Ray Olszewski-- Han Solo
 Palo Alto, CA  [EMAIL PROTECTED]
 

[Leaf-user] SCP _through_ Bering firewall disk problem

[Rick Price]

I'm having trouble getting scp to work through a Bering firewall (it
hangs).

I have no trouble whatsoever with ssh.

I have only tried to scp things from the outside into a machine in the
dmz, and from the internal network into the dmz. No other incoming
connections are allowed.

I tried removing the ssh entries for TOS, but that did not seem to fix
things.

A friend had it work once with no problems from freeshell.org. But it now
seems broken.

I have used scp a lot before with no problems (but not with Bering). So
far I have tried it from Debian Testing and OpenSSH on Solaris 8.

My Bering firewall is configured to allow everything out from the internal
network (both external network, and into dmz).

Allow one port (tcp 1966) into the dmz from the Internet to port 22 on a
machine inside.

The outside network and the dmz are not allowed into the internal network.

The dmz is allowed out.

Does anyone else have these problems, or am I missing something?

Rick



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] SCP _through_ Bering firewall disk problem

[Jacques Nilo]

 I'm having trouble getting scp to work through a Bering firewall (it
 hangs).
Which version are you using ? Where did you get it from ?
Jacques


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] SCP _through_ Bering firewall disk problem

[Rick Price]

Uh, sorry about that, I was trying really hard to have everything in the
email.

This is from the readme file:

LEAF Bering Firewall - V1.0-rc1 Jacques Nilo [EMAIL PROTECTED]
On Fri, 12 Apr 2002, Jacques Nilo wrote: Eric Wolzak [EMAIL PROTECTED]
Instruction  user's guide at:


On Fri, 12 Apr 2002, Jacques Nilo wrote:

  I'm having trouble getting scp to work through a Bering firewall (it
  hangs).
 Which version are you using ? Where did you get it from ?
 Jacques



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] SCP _through_ Bering firewall disk problem

[Jacques Nilo]

 Uh, sorry about that, I was trying really hard to have everything in the
 email.
 
 This is from the readme file:
 
 LEAF Bering Firewall - V1.0-rc1 Jacques Nilo [EMAIL PROTECTED]
 On Fri, 12 Apr 2002, Jacques Nilo wrote: Eric Wolzak [EMAIL PROTECTED]
 Instruction  user's guide at:

No I mean where did you get the scp package from ?
Also are you using from with the firewall or not ?
Also do you have ssh installed (scp is a wrapper program to ssh) ?
If so is your ssh version the same as you scp version ?

Jacques


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] SCP _through_ Bering firewall disk problem

[Rick Price]

I'm not using scp or ssh *into* the firewall, I just want to get through
it from the outside to the inside so to speak.

So I don't have any scp or ssh installed on the firewall.

My ssh on my pc(s) would be the latest Debian Testing version from about a
week ago. It's OpenSSH_3.0.2p1.

On solaris it's, OpenSSH_3.0.2p1 from Sunfreeware.com

The target machine runs Debian testing, ssh version as above.

SSH works just fine through the firewall.

I would pretty much have to assume my scp version is the same as the ssh
version because I always install it as a package.

One way I try to use it is to scp from my work Solaris machine to my
machine in the dmz. I've tried it with scp from Cygwin on my work NT2000
machine and it's also broken.

The other way is to scp from my internal (home) debian or Solaris machine
and it is broken as well.

SSH works just fine in these situations.

I have not tried to scp out from inside the firewall (except from internal
to dmz) because I have nowhere to copy to until I can get into work from
home.

I did a verbose on scp and it does not come up with any errors.

I noticed a message on the net about TOS not properly dealing with a
checksum in  2.4.2 kernels, and so I removed the TOS entries for SSH but
that didn't seem to make a difference.

Please switch to my other email for the weekend [EMAIL PROTECTED], I'm
leaving work soon and I can't access my work email from home. (work
firewall issues).


Rick

On Fri, 12 Apr 2002, Jacques Nilo wrote:

  Uh, sorry about that, I was trying really hard to have everything in the
  email.
 
  This is from the readme file:
 
  LEAF Bering Firewall - V1.0-rc1 Jacques Nilo [EMAIL PROTECTED]
  On Fri, 12 Apr 2002, Jacques Nilo wrote: Eric Wolzak [EMAIL PROTECTED]
  Instruction  user's guide at:

 No I mean where did you get the scp package from ?
 Also are you using from with the firewall or not ?
 Also do you have ssh installed (scp is a wrapper program to ssh) ?
 If so is your ssh version the same as you scp version ?

 Jacques



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user