Hi,

On Fri, 1 Dec 2000, Jason Holland wrote:

> Yes, use -P ..., which doesn't allocate a privileged port.
> >
> > Firewall is preventing SSH connection. I am behind the firewall and
> > ...

> > Our firewall blocks inbound and outbound
> > traffic on all ports below 1024 except HTTP, FTP and Telnet ports. Is
> > there a way to tell the ssh client to use a port above 1024?

Note that you might be speaking of different things here. The option -P
just makes the ssh client NOT bind its outgoing SOURCE port to something
below 1024. Which of course must be done if the ingoing traffic is
filtered below 1024 except for http, ftp, telnet (hence this solves half
of the problem).

The DESTINATION port is still of course the port of the ssh server (which
you can't change from the client). From the above it seems that the latter
is the real problem, i.e. you want to connect to e.g. port 22 on the
server but the firewall only allows outgoing traffic to http, ftp and
telnet servers.

Depending on what the firewall is and some other parameters in your
environment this can be fixed/circumvented in a number of ways. Some of
your options are:

* Easiest way is to get the FW admin to "open" up outgoing traffic to 22
(ssh) which is not very dangerous one might think considering telnet is
let out... (since you asked on this list I guess this might not be an
option :-).

* If the firewall just filters out everything but these destination ports
then you can start the ssh server on for example port 23 (telnet), which
of course means you have to be able to reconfigure the ssh server.

* If the firewall is a proxying one, then the chances are you can use the
http proxy to connect to the ssh server (given that your client supports
this). As a bonus, very often the ssh server must be listening on 443
(https) in this case since other destination ports are blocked by the
proxy :-(.

Hope you get it going.

Cheers,

/Mats
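
The second and third options in the message above work because the filter decides on destination port alone. The following is an added example, not part of the original message: a content-based check that recognizes an SSH identification string or an HTTP CONNECT request regardless of port. The flow-record fields, sample flows and host name are constructed assumptions.

```python
import re

# SSH identification string "SSH-protoversion-softwareversion" (RFC 4253, 4.2);
# SSH-1.x servers send the same "SSH-<version>-" prefix.
SSH_BANNER = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)")
# Tunnel request sent to an HTTP proxy: "CONNECT host:port HTTP/1.x"
HTTP_CONNECT = re.compile(rb"^CONNECT\s+(\S+):(\d+)\s+HTTP/1\.[01]")

# Port policy as described in the thread: below 1024 only FTP, Telnet, HTTP.
ALLOWED_LOW_PORTS = {21, 23, 80}


def classify(flow):
    """Return findings for one flow record (hypothetical schema:
    dst_port, client_first, server_first = first payload bytes each way)."""
    findings = []
    port = flow["dst_port"]
    if port < 1024 and port not in ALLOWED_LOW_PORTS:
        findings.append(f"blocked-by-port-policy: {port}")
    m = SSH_BANNER.match(flow.get("server_first", b""))
    if m and port != 22:
        findings.append(f"ssh-on-port-{port}: version {m.group(1).decode()} "
                        f"software {m.group(2).decode()}")
    m = HTTP_CONNECT.match(flow.get("client_first", b""))
    if m:
        findings.append(f"proxy-connect: {m.group(1).decode()}:{m.group(2).decode()}")
    return findings


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    # Real telnet: server opens with IAC option negotiation bytes.
    {"dst_port": 23, "client_first": b"", "server_first": b"\xff\xfd\x18\xff\xfd\x20"},
    # SSH server listening on the telnet port: passes a port-only filter.
    {"dst_port": 23, "client_first": b"", "server_first": b"SSH-1.99-OpenSSH_2.3.0\n"},
    # Client asking an HTTP proxy on 8080 for a tunnel to port 443.
    {"dst_port": 8080, "client_first": b"CONNECT ssh.example.org:443 HTTP/1.0\r\n\r\n",
     "server_first": b"HTTP/1.0 200 Connection established\r\n\r\n"},
    # Direct SSH to port 22: the only case the port filter itself stops.
    {"dst_port": 22, "client_first": b"", "server_first": b""},
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow["dst_port"], classify(flow) or ["no finding"])
```
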
