Re: SSH through firewall
Aaron D. Turner (aturner@vicinity.com)
Tue, 6 Jul 1999 17:08:29 -0700 (PDT)
I've used sshd in a non-transparent firewall situation by using the
generic tcp proxy with fwtk. Of course at this point, the firewall
isn't doing the authentication, the end-server is, but I can't figure
out a way to avoid that. Anyways, it worked quite well.
--
Aaron Turner, CNE    aturner@vicinity.com    650.237.0300 x252
Network/Security Engineer    Vicinity Corp.
Cell: 408-314-9874    Pager: 650-317-1821
http://www.vicinity.com

On Mon, 5 Jul 1999, Kevin T. Shivers wrote:
> On Fri, 2 Jul 1999, Ginsberg Rainer (QI/INF4) * wrote:
>
> > Do you think this is feasible with a non-transparent firewall? Do you know
> > a firewall that is capable of this?
>
> Hmmm, this I am not sure about, but I think it may not work. I will let
> other people on this list who know more about this answer definitively,
> but here's my shot.
>
> Machines running sshd have an ssh host key associated with that specific
> machine, so if your machine inside the firewall is connecting to the
> firewall and then to the outside, ssh might go nuts with the ssh key. If
> ssh records the host key of the firewall for each host outside the
> firewall, then siteb.com will look just like sitea.com and ssh will pop up
> those nasty messages. If it records the external site's ssh key instead,
> then everything will work. At least, I think it will work. I don't know
> how well tunneling stuff like X will work, but I do know it does work
> with our transparent firewall. I think someone has used ssh with
> plug-gw on fwtk, and I know people are using it on Gauntlet (myself
> included), but I don't know about any of the other firewalls. I think
> someone might have also made an ssh proxy for fwtk, but I'm not sure,
> check fwtk.org for some info if you want.
>
> Anyway, I hope this helped, and take this with a grain of salt. I don't
> want to get yelled at if it turns out I'm wrong. :)
>
> > Rainer
>
> kts
>
> --
> Kevin T. Shivers NT & UNIX Systems Mutiliator
> Shivers Consulting http://www.clark.net/pub/kts
> kts@clark.net
>
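
The host-key collision described in the quoted message, as an added example that is not part of the original thread: a simplified Python model of a client's known-hosts check when every connection is dialed to the firewall's name and a generic TCP proxy relays it. The name fw.example.com, the key strings and the alias parameter (modelled on OpenSSH's HostKeyAlias option, which the thread does not mention) are assumptions.

```python
# Simplified model of an SSH client's known-hosts check (not real ssh code).
# All host names, ports and key strings below are constructed sample values.

def lookup_name(dialed_host, port=22, alias=None):
    """Name the client files the server's host key under."""
    if alias:  # models OpenSSH's HostKeyAlias (assumption, not in the thread)
        return alias
    # OpenSSH-style known_hosts entry name for a non-default port
    return dialed_host if port == 22 else f"[{dialed_host}]:{port}"

def check_host_key(known_hosts, name, presented_key):
    """Return 'new', 'ok' or 'MISMATCH', recording first-seen keys."""
    stored = known_hosts.get(name)
    if stored is None:
        known_hosts[name] = presented_key
        return "new"
    return "ok" if stored == presented_key else "MISMATCH"

# A generic TCP proxy relays bytes unchanged, so the client sees the
# end server's host key, not one belonging to the firewall.
BACKEND_KEYS = {"sitea.com": "KEY-A", "siteb.com": "KEY-B"}  # constructed

def connect_via_proxy(known_hosts, proxy, port, backend, alias=None,
                      keys=BACKEND_KEYS):
    name = lookup_name(proxy, port, alias)
    return name, check_host_key(known_hosts, name, keys[backend])

def demo():
    results = {}
    # Case 1: the same firewall name and port is dialed for both sites.
    kh = {}
    results["shared"] = [
        connect_via_proxy(kh, "fw.example.com", 22, "sitea.com")[1],
        connect_via_proxy(kh, "fw.example.com", 22, "siteb.com")[1],
    ]
    # Case 2: one alias per real destination keeps the keys apart.
    kh = {}
    results["aliased"] = [
        connect_via_proxy(kh, "fw.example.com", 22, b, alias=b)[1]
        for b in ("sitea.com", "siteb.com", "sitea.com")
    ]
    # Case 3: with aliases, a changed key on sitea.com is still flagged.
    changed = dict(BACKEND_KEYS, **{"sitea.com": "KEY-X"})
    results["changed"] = connect_via_proxy(
        kh, "fw.example.com", 22, "sitea.com", alias="sitea.com",
        keys=changed)[1]
    return results

if __name__ == "__main__":
    print(demo())
```
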
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:02 CDT