[SunHELP] sshd2 - remote connection

sunhelp at sunhelp.org sunhelp at sunhelp.org
Wed Feb 20 15:38:14 CST 2002


I'll clarify

1) External = outside the firewall
2) Internal = inside the firewall

things are working between this external server and the internal
network since there are rules in place within our pix firewall.

overall goal here is to find and document what security measures are
in place on the external server in regards to the outside world.  In my
own testing I see that it is blocking ICMP from the outside world and
also the running services such as proftpd and ssh2 are blocked (outside
world only). I found that this blocking is not part of these two
services' configurations, nor the presence of the software-based
firewalls I previously listed.  Sorry that I haven't been very thorough
on my descriptions.
I will check into your suggestion.


-----Original Message-----
From: Fogg, James [mailto:JFogg at vicinity.com]
Sent: Wednesday, February 20, 2002 2:59 PM
To: 'sunhelp at sunhelp.org'
Subject: RE: [SunHELP] sshd2 - remote connection


Umm.. sounds like proxy arp is enabled and/or a netmask is set wrong. Of
course, this is assuming I even understand what you are trying to say.

James Fogg, Network Engineer
Vicinity Corporation - New Hampshire
(603) 442-1751

~ -----Original Message-----
~ From: Markham, Richard [mailto:RMarkham at hafeleamericas.com]
~ Sent: Wednesday, February 20, 2002 11:36 AM
~ To: 'sunhelp at sunhelp.org'
~ Subject: RE: [SunHELP] sshd2 - remote connection
~ 
~ 
~ sorry my point was not clear.  the functionality of ssh is working;
~ this is network related.
~ 
~ restatement:
~ I cannot connect from external(home) to external(work) but I can
~ connect external(work) to internal(work).  My first guess was that
~ something along the lines of ipf, ipfw, ipchains, iptables, sunscreen,
~ tcpwrappers is installed.  This external(work) box is blocking ICMP as
~ well.  The apps listed above, I have now checked for so I am thinking
~ perhaps there are some routing tables set in the internet router.  This
~ setup was previously implemented and I am dissecting the setup.  The
~ reality is that I can ssh through VPN anyway so nothing needs to be
~ changed, but due to this day and age everything has to be documented =).
~ 
~ Again thank you in consideration for my issue.  =)
~ 
~ 
~ 
~ -----Original Message-----
~ From: Dicu Silviu [mailto:linuxsil at yahoo.com]
~ Sent: Wednesday, February 20, 2002 10:26 AM
~ To: sunhelp at sunhelp.org
~ Subject: Re: [SunHELP] sshd2 - remote connection
~ 
~ 
~ what do you mean "the ability to ssh to a particular box" ?
~ 
~ 
~ to connect with a password, with keys or something like rsh ?
~ 
~ 
~  
~ --- "Markham, Richard" <RMarkham at hafeleamericas.com> wrote:
~ > I want to let one remote host have the ability to ssh to a
~ > particular box.
~ > Currently through a leg in the firewall all the lan boxes can ssh
~ > to this host.  So on the outside this box is only protected by its
~ > own configuration.
~ > I uncommented IgnoreRootRhosts  no
~ > and then created a ~/.rhosts file and am not able to connect.  Am
~ > I in the right direction?
~ > _______________________________________________
~ > SunHELP maillist  -  SunHELP at sunhelp.org
~ > http://www.sunhelp.org/mailman/listinfo/sunhelp
~ 
~ 
~ =====
~ Silviu Dicu
_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp