still no ssh access

Brian Kelsay Brian.Kelsay at kcc.usda.gov
Thu Sep 30 13:34:06 CDT 2004


The IPCop box, if ssh is enabled on it, will allow ssh on 222.  You can then port forward 22 to one box internal and set up any others with different external ports forwarded to specific boxes' port 22.  e.g. ip:22 --> 192.168.0.3:22, ip:1022 --> 192.168.0.4:22, ip:1023 --> 192.168.0.5:22.

Unfortunately I can't do that.   My workplace blocks outbound connections to anything but 80, 443 and 21 (ftp).  I have tried port 22, 80, and 21 forwarded at the firewall to server port 22.


Brian Kelsay

>>> "Dustin Decker" <dustin.decker at 1on1security.com> 09/30/04 01:25PM >>>
IPCop is designed to have ssh run on port 222, leaving you the luxury of
forwarding the SSH port (which is 22 btw, not 21) to another host on your
network.

If you're on RoadRunner, you might want to modify IPCop to have the web
admin interface listen on something other than port 445, as that is blocked
because of the number of worms which attack Win2K on that port.

If you are trying to connect to a host _behind_ IPCop, forward port 22 to
that host.  If you are trying to connect to IPCop itself, use the -p flag to
connect on port 222.

Dustin

> -----Original Message-----

> Of Brian Kelsay
> Sent: Thursday, September 30, 2004 1:04 PM
> To: kclug at kclug.org 
> Subject: still no ssh access
> 
> Now that I have sshd running on the new server and I can connect to it
> from another PC on my LAN, I know that it should work.   I have set up port
> 80, 8000 and 21 to forward to 22 on the server, but none allow me to
> connect with Putty from work.  Those that remember, I had narrowed it down
> to port 80 being unblocked on outbound and POSSIBLY port 21.   I just want
> the ability to sftp a few small files to it, enable new functions and test
> the webserver in general.   The rules are set up in IPCop correctly.  I am
> about to resign myself to the fact that there is no way to do this unless
> there is some other package that I can put on the server to allow remote
> access via port 80 or 443 (https).
> 
> Anybody know of something like webmin that comes by default to work on 443
> and then allows you to ssh or ftp?   I feel really stupid.  The next step
> I will try is to put webmin on 443 instead of 10000 or whatever it is set
> by default, but I'm not confident.
> 
> I probably need to leave my current port forwarding rules until LUG
> meeting night to see if I can get in remotely from another location.
> This has been a testing nightmare for me.
> 
> Brian Kelsay





