On Wed, Jul 12, 2000 at 10:05:56AM -0500, [EMAIL PROTECTED] wrote:
> Theo, sorry for not replying sooner, I've been out sick for the
> last couple of days ...

Hope you're feeling better.

> Can you please explain how you are able to connect via telnet
> (port 23) from your linux box out through your firewall, including
> all relevant switches?  It sounds like we have similar scenarios,
> and I would like to give this a try.

Sure.  On the client-side, you just do "ssh remote -p 23", or in .ssh/config
terms:

Host hostname.foo.net foo.net hostname
        hostname hostname.foo.net
        port 23
        user bar

This assumes that you can go out from the client to port 23 on a remote box.
You may wish to add in the "useprivilegedport no" option (spelling dependent
on the SSH you use...)  I don't need it on my setup, but YMMV.

On the server-side, it's a little trickier, depending on your situation --

1) you can just do "sshd -p 23" if you're not running telnet, and that will
put a standard SSH daemon on port 23.

2) you use the "twist" feature of TCP wrappers to run telnet and ssh
"simultaneously" (depending on who is connecting):

You have inetd.conf set up to run telnet as usual:

telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd

and then in the TCP wrappers config (hosts.allow) you do something like:

in.telnetd : 192.168.112.0/255.255.255.0 : twist /usr/sbin/sshd -i
in.telnetd : ALL

This makes TCP wrappers allow ALL for telnet, but for
192.168.112.0/255.255.255.0, it will "twist" the connection to "sshd -i" and
run it instead of in.telnetd.

> but have been unsuccessful.  By the way, how do I tell which ports
> of our firewall I can connect through?  Are there some commands
> I can try that won't unnecessarily get the attention of our system
> administrator?

Unless you have admin access to the firewall, you'd essentially have to
portscan the outside box and see what you can get to.  The usual ones that
are allowed through (either directly or through a proxy) include:

23  - telnet
21  - FTP
80  - HTTP
443 - HTTPS

If you're not running daemons on all of those ports, you can always run "sshd
-p #" as I have above in #1.  I also have some perl daemon scripts to let you
SSH through HTTPS and telnet proxies to ports 443 and 23 respectively.

> I have no control over what port sshd is running on on the remote
> machine (machine C from my earlier post), but I do know that it is
> running on the default SSH port of 22.

If you have no admin access on C, you're kind of hosed unless you can get
an opening in the firewall.  You would have to get access to a machine
D outside the firewall where you could SSH to using one of the above
methods, and then SSH from D to C.

-- 
Randomly Generated Tagline:
"When it is not necessary to make a decision, it is necessary not to make a
 decision."               - From www.slashdot.org
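
The first-match behaviour of the hosts.allow rules in the message above, as an added example that is not part of the original e-mail: it parses the two rules and reports, for a given client address, whether tcpd would hand the telnet connection to in.telnetd or twist it to another command. The function names are hypothetical, and only "ALL", single addresses and net/mask client patterns are handled.

```python
import ipaddress

# Constructed sample: the two hosts.allow rules from the message, in its order.
HOSTS_ALLOW = """\
in.telnetd : 192.168.112.0/255.255.255.0 : twist /usr/sbin/sshd -i
in.telnetd : ALL
"""

def parse_rules(text):
    """Return (daemons, clients, option) tuples; option is None for a plain allow."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) < 2:
            continue  # not a daemon : client rule
        option = fields[2] if len(fields) == 3 else None
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), option))
    return rules

def client_matches(pattern, addr):
    """Match ALL, a single address, or net/mask; other pattern forms never match here."""
    if pattern == "ALL":
        return True
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False  # hostname and wildcard patterns are outside this example

def first_match(rules, daemon, addr):
    """tcpd stops at the first rule matching daemon and client, so rule order decides."""
    for daemons, clients, option in rules:
        if daemon not in daemons and "ALL" not in daemons:
            continue
        if any(client_matches(c, addr) for c in clients):
            keyword, _, command = (option or "").partition(" ")
            if keyword == "twist":
                return ("twist", command.strip())
            return ("allow", daemon)
    return None  # no rule in this file matched

if __name__ == "__main__":
    rules = parse_rules(HOSTS_ALLOW)
    for ip in ("192.168.112.7", "10.1.2.3"):
        print(ip, first_match(rules, "in.telnetd", ip))
```

With the rules in the reverse order, the "ALL" line matches first and the twist rule is never reached, which is why the specific network has to be listed before it.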
