Guest Guest
Posted: Wed Apr 24, 2002 8:47 pm Post subject: SSH client through a firewall?
Is it possible to run an SSH client from behind a restrictive firewall? It normally only allows web pages so I suppose at least port 80 is open.
I have used PuTTY and PenguiNet on Windows boxes to connect to my server, but I'm not sure if it is possible to do what I am trying. PenguiNet seems really promising but port forwarding and SOCKS4/5 do not have good documentation.
I would be a lot more sane if I could Alt-Tab to a bash prompt every now and then...

klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Wed Apr 24, 2002 9:24 pm Post subject: Re: SSH client through a firewall?
Guest wrote: | Is it possible to run an SSH client from behind a restrictive firewall? |
man sshd
Specifically, look for the -p option, which allows you to start sshd so it listens on a different port than the port 22 default.
As long as you're connecting to an sshd daemon that's listening on the correct port, you can connect to that daemon using whatever port you want.
_________________
The problem with political jokes is that they get elected

Guest Guest
Posted: Thu Apr 25, 2002 12:34 pm Post subject: what about httpd?
I guess I had dismissed that idea out of hand before getting lost in all the port tossing documentation, because I run httpd as well.
Anyway, I will try this to see if it works - but does anyone know whether you can have httpd and sshd both listening on the same port?
Does Gentoo use /etc/services and will this have to be changed?

klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Thu Apr 25, 2002 2:08 pm Post subject: Re: what about httpd?
Guest wrote: | Anyway, I will try this to see if it works - but does anyone know whether you can have httpd and sshd both listening on the same port? |
No, you can't.

klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Thu Apr 25, 2002 2:15 pm Post subject: Re: what about httpd?
Guest wrote: | I guess I had dismissed that idea out of hand before getting lost in all the port tossing documentation, because I run httpd as well. |
Another option might be to use httptunnel. Don't think there's a Gentoo package for it, but it might solve your issue.
--kurt

Software Manager Michael Guest
Posted: Sat Apr 27, 2002 10:50 am Post subject:
I have been using proxytunnel to solve this exact problem. Ask Google where to find it. It's very simple to set up and comes with clear instructions. Only problem is you need to have sshd running on an HTTPS port on a machine outside the firewall. In my case this is at home.

Guest Guest
Posted: Mon May 13, 2002 4:39 pm Post subject: clear as MUD
Well, the idea seems great and after RTFMing for a while I understand how it is possible but am at a loss to implement. It seems sshd needs to be set to listen to port 80. Shut off httpd so there is no conflict. Then run this "other" program before starting PenguiNet or PuTTY or some other Win32 based SSH client?
"Other" program being httptunnel or proxytunnel. This is a good case where open source is validated. I'd hate to give someone an instant backdoor to everything behind a firewall just because I wanted to get to a $> prompt.
I'm not sure from the docs though if I need to run anything else on the server side, and what, if any, changes to the configuration of the Win32 ssh client need to be made?

klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Mon May 13, 2002 5:01 pm Post subject: Re: clear as MUD
Guest wrote: | Well, the idea seems great and after RTFMing for a while I understand how it is possible but am at a loss to implement. It seems sshd needs to be set to listen to port 80. Shut off httpd so there is no conflict. Then run this "other" program before starting PenguiNet or PuTTY or some other Win32 based SSH client? |
You can start sshd on a different port by using the -p option. If you use this method, you don't need to use proxy tunnel and/or http tunnel.
proxytunnel and httptunnel are useful when you're behind a corporate firewall that allows HTTP traffic, but not ssh traffic. This enables you to 'map' ssh traffic through http traffic, thereby allowing it to pass through your firewall.
Guest wrote: | I'd hate to give someone an instant backdoor to everything behind a firewall just because I wanted to get to a $> prompt. |
Even with this method, you still have to authenticate against ssh, so I wouldn't be too worried about it. (though if you configure it incorrectly, I suppose you could open up a hole)
Guest wrote: | I'm not sure from the docs though if I need to run anything else on the server side, and what, if any, changes to the configuration of the Win32 ssh client need to be made? |
The only change that needs to be made on the client side is if you start sshd so it listens on another port. Then you need to tell your ssh client to contact that server on the same port. (how to do this varies from ssh client to ssh client.)
--kurt
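
The caveat above, that a wrongly configured sshd on the alternate port could open a hole, can be checked before the daemon is exposed. This is an added example, not part of the original thread: it reads the global section of an sshd_config the way sshd does (case-insensitive keywords, first value wins, repeated Port lines add up) and flags three settings; the sample config and the choice of checks are assumptions of this example.

```python
# Added example: audit an sshd_config before exposing sshd on a web port.
# Constructed sample config, not taken from the thread.
SAMPLE_CONFIG = """\
# sshd moved off port 22 so a web-only firewall lets the client out
Port 443
PermitRootLogin yes
PasswordAuthentication yes
GatewayPorts yes
# A later duplicate is ignored: sshd keeps the first value it reads.
passwordauthentication no
"""

# Current OpenSSH defaults, used when a keyword is absent.
DEFAULTS = {"passwordauthentication": "yes",
            "permitrootlogin": "prohibit-password",
            "gatewayports": "no"}

# keyword -> (values treated as safe, why anything else is a hole).
# Which settings to check is this example's assumption.
RISKY = {
    "passwordauthentication": ({"no"}, "password guessing is possible; use keys"),
    "permitrootlogin": ({"no", "prohibit-password", "without-password",
                         "forced-commands-only"}, "direct root login is allowed"),
    "gatewayports": ({"no"}, "remote forwards can listen on all interfaces"),
}

def effective_global(config_text):
    """Global settings as sshd reads them: first value wins, Port accumulates."""
    settings, seen, ports = dict(DEFAULTS), set(), []
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].lower()
        if key == "match":
            break  # Match blocks are conditional; only globals are read here
        if key == "port":
            ports.append(int(value))
        elif key not in seen:
            seen.add(key)
            settings[key] = value
    settings["port"] = ports or [22]
    return settings

def audit(config_text):
    """Return (listening ports, [(keyword, reason), ...]) for risky settings."""
    s = effective_global(config_text)
    findings = [(k, why) for k, (safe, why) in RISKY.items() if s[k] not in safe]
    return s["port"], findings
```

On a live host, `sshd -T` prints the effective configuration, including Match handling that this parser leaves out.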