> On Fri, 7 Jul 2000, Paul Newhouse wrote:
>
> > > Can anyone give me helping hand? I'm trying to connect to a remote
>machine
> > > "C", that is hosted on the internet from my local machine "A" that is
>behind
> > > our corporate firewall on machine "B". Machines "A" and "C" are linux
>boxes,
> > > and machine "B" is a Windoze NT Server box.
> >
> > Can you see connect attempts on "C" from "A" in the log (syslog or authlog
>or where ever
> > Linux logs such things)?
> >
> > Can you ping "C" from "A"?
>
> No, I suspect that pings have been disabled through our firewall.
>
> >
> > Is "B" running some version of SOCKS (or whatever it's called on NT)?
>
> I'm not sure, but I doubt it.
>
> >
> > Try running sshd on machine "C" at some non-privledged port ("-P 22222" for
>instance)
> > and remember to initiate the ssh session from "A" specifying the same port.
> >
>
> I can't run sshd on "C", since "C" is a machine on a hosted site that I
> subscribe to (I have limited priveleges in my shell).
HAH!! My mistake I read ""C", that is hosted on the internet" to mean you had some
control
over it.
> It must be running in a general sense, however, since I
> can connect from my home machine "D" to "C" through my ISP.
Can you run sshd on your home machine "D"?
> > > "A" <-----> "B" <------> "C"
> > >
> > > I CAN connect to machine "C" from my home machine "D" through my
>dialup ISP,
> > > by simply typing in: slogin my-user-name@C
> > >
> > > "D" <-----> ISP <------> "C" Works!!!
> > >
> > >
> > > I CAN'T connect to machine "C" from machine "A", however, and I
>suspect that
> > > it is our corporate firewall that is to blame ... here is a transcript
>of the
> > > failed session:
> > >
> > > $ slogin -v my-user-name@C
> > > SSH Version OpenSSH-1.2.2, protocol version 1.5.
> > > Compiled with SSL.
> > > debug: Reading configuration data /etc/ssh/ssh_config
> > > debug: Applying options for *
> > > debug: ssh_connect: getuid 525 geteuid 0 anon 0
> > > debug: Connecting to C [xxx.xxx.xxx.xxx] port 22.
> > > debug: Allocated local port 832.
> >
> > This could be a problem? "B" could be filtering out low numbered ports?
>You could try
> > fixing ssh to select higher level port numbers (over 2000).
> >
>
> How do I do this?
I think you have to hack the source or write a program that grabs the unassigned lower
numbers
and hangs on to them. There might be some config option in Linux that sets a floor
value below
which it will not assign a port?
> I've tried to "telnet B 2000" and other numbers higher
> and lower, but they all fail, probably because they are blocked by our
> firewall.
More likely there is nothing listening on port 2000.
Given that you don't have control of "C" I think you are toast.
You could ask you ISP to run sshd on a high numbered port (what's the worst they can
say ... NO?)
then you could use "-P <high numbered port>" from "A".
Not being much help, sorry.
Good luck,
Paul
> > > debug: connect: Connection refused
> > > debug: Trying again...
> > > debug: Connecting to C [xxx.xxx.xxx.xxx] port 22.
> > > debug: Allocated local port 856.
> > > debug: connect: Connection refused
> > > debug: Trying again...
> > > debug: Connecting to C [xxx.xxx.xxx.xxx] port 22.
> > > debug: Allocated local port 928.
> > > debug: connect: Connection refused
> > > debug: Trying again...
> > > debug: Connecting to C [xxx.xxx.xxx.xxx] port 22.
> > > debug: Allocated local port 621.
> > > debug: connect: Connection refused
> > > Secure connection to C refused.
> > >
> > >
> > > I suspect that port 22 is closed on machine "B" which is our corporate
> > > firewall machine (Windoze NT Server) :
> >
> > "B" may block all port 22 traffic to/from any host but, port 22 on "B"
>should be of no
> > consequence.
> >
> > > $ telnet B
> > > Trying xxx.xxx.xxx.xxx...
> > > Connected to B.our-corporate-domain
> > > Escape character is '^]'.
> > > hhhhh telnet proxy (Version 5.5) ready:
> > > tn-gw-> close
> > > Connection closed by foreign host.
> > >
> > > [tom@id tom]$ telnet B 22
> > > Trying xxx.xxx.xxx.xxx...
> > > telnet: Unable to connect to remote host: Connection refused
> > >
> > >
> > > I have read and re-read the manpages and have tried various
>incarnations
> > > of the port forwarding switches, using the nonpriveleged -P switch,
>etc.
> > > with no luck.
> >
> > Ok, forget my suggestion above ;). Hmmm, are you running a web server on
>"C"?
> > You could try using port 80 instead of 22 if you aren't. I'll bet they
>didn't block
> > the web from being passed out. ;)))
> >
>
> Yes, I am running a web server on "C". My whole purpose for trying to
> use ssh is to upload files for my hosted web-pages on "C".
Yeah, I think I understand the situation now.
> > > Here are the versions of ssh used on each side:
> > > on machine "A":
> > > $ ssh -V
> > > SSH Version OpenSSH-1.2.2, protocol version 1.5.
> > > Compiled with SSL.
> > >
> > > on machine "C":
> > > $ ssh -V
> > > SSH Version 1.2.27 [i686-unknown-linux], protocol version 1.5.
> > > Standard version. Does not use RSAREF.
> >
> > Have you tried ssh-1.2.27 on "A"? (Isn't 1.2.29 available?)
>
> No, not yet, but I have tried version OpenSSH_2.1.1 w/ Mandrake 7.1
> on another machine in our company with the same results above
> (connection refused)
>
> >
> > Good luck,
> > Paul
> >
>
> Thanks,
> Tom
>
>
>
