hi chuck,

> I'm using ssh2 on a SunOS 5.7 machine. I would like to be able to ssh into my 
> DMZ machine inside of my firewall but I'm not sure how. My DMZ machine is not 
> Internet routable.  I think it would usually be just launching ssh on the 
> firewall to a port that passes through the firewall (SSL). Will this method 
> still work? Will sftp work in the same fashion? Is there a better way for a 
> machine outside of a firewall to tunnel into machine through a firewall??

maybe a friendly word with the sysadmin of the firewall host/whoever looks
after net security will help you out? if that's you - you'll need either a
proxy on the firewall host or some form of network address translation 
which will take your incoming ssh packets across the firewall to the dmz host 
configured with the non-routable IP address. 
i wouldn't recommend using whatever mechanism is in place for incoming
SSL (443/tcp) for ssh. 

i've not used sftp - if it uses a separate tcp connection for data a la 
traditional ftp then you'll need a NAT/application proxy which is aware of 
the separate data channel. i've always used scp for file transfers which just 
uses whatever ssh server port you've configured.

btw, there are sound reasons for not doing what you want to do. you will
want to nail down the sshd config on your dmz host pretty tight &
be very careful how you configure the app proxy/NAT on the firewall.
ssh is a great tool, but incorrectly configured & you could be opening
up a nice encrypted tunnel from the big bad world to your DMZ host.
particularly if you permit connections from machines with little host
security which may be connected to untrusted networks.

hope this helps,
pauline
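
One way to check that the DMZ host's sshd config is "nailed down" as the reply above advises. This is an added example, not part of the original message. It assumes OpenSSH-style `sshd_config` keywords rather than the ssh2 product named in the question, and the policy, user name and address in it are constructed for illustration.

```python
# Added example: audit an OpenSSH-style sshd_config for a NAT-exposed DMZ host.
# REQUIRED is an assumed policy for illustration, not taken from the post.
REQUIRED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",  # keys only
    "allowtcpforwarding": "no",      # no onward tunnels from the DMZ host
    "gatewayports": "no",
    "x11forwarding": "no",
}

# Constructed sample config.
SAMPLE_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes
AllowTcpForwarding yes
X11Forwarding no
"""


def parse_global(text):
    """Return (settings, allow_users) from the global section, before any Match."""
    settings, allow_users = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break  # conditional blocks are out of scope for this check
        if key == "allowusers":
            allow_users.extend(args)
        elif args:
            settings.setdefault(key, args[0].lower())  # first value wins
    return settings, allow_users


def audit(text):
    """List deviations from REQUIRED plus missing source-host restrictions."""
    settings, allow_users = parse_global(text)
    findings = [f"{k}: is {settings.get(k, 'unset')}, want {v}"
                for k, v in REQUIRED.items() if settings.get(k) != v]
    if not allow_users:
        findings.append("allowusers: missing, logins not limited to named users/hosts")
    for pattern in allow_users:
        if pattern.partition("@")[2] in ("", "*"):
            findings.append(f"allowusers: '{pattern}' has no source-host restriction")
    return findings
```

Keywords left unset are reported rather than assumed safe, since defaults differ between sshd versions.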