Firewall Wizards mailing list archives
Re: SSH through firewall
From: "Aaron D. Turner" <aturner () vicinity com>
Date: Tue, 6 Jul 1999 17:08:29 -0700 (PDT)
I've used sshd in a non-transparent firewall situation by using the generic tcp proxy with fwtk. Of course at this point, the firewall isn't doing the authentication, the end-server is, but I can't figure out a way to avoid that. Anyways, it worked quite well.

--
Aaron Turner, CNE  aturner () vicinity com  650.237.0300 x252
Network/Security Engineer  Vicinity Corp.  Cell: 408-314-9874
Pager: 650-317-1821  http://www.vicinity.com

On Mon, 5 Jul 1999, Kevin T. Shivers wrote:

> On Fri, 2 Jul 1999, Ginsberg Rainer (QI/INF4) * wrote:
>
>> Do you think this is feasible with a non-transparent firewall? Do you know a firewall that is capable of this?
>
> Hmmm, this I am not sure about, but I think it may not work. I will let other people on this list who know more about this answer definitively, but here's my shot.
>
> Machines running sshd have an ssh host key associated with that specific machine, so if your machine inside the firewall is connecting to the firewall and then to the outside, ssh might go nuts with the ssh key. If ssh records the host key of the firewall for each host outside the firewall, then siteb.com will look just like sitea.com and ssh will pop up those nasty messages. If it records the external site's ssh key instead, then everything will work. At least, I think it will work.
>
> I don't know how well tunneling stuff like X will work, but I do know it does work on our transparent firewall. I think someone has used ssh with plug-gw on fwtk, and I know people are using it on Gauntlet (myself included), but I don't know about any of the other firewalls. I think someone might have also made an ssh proxy for fwtk, but I'm not sure; check fwtk.org for some info if you want.
>
> Anyway, I hope this helped, and take this with a grain of salt. I don't want to get yelled at if it turns out I'm wrong. :)
>
>> Rainer
>
> kts
>
> --
> Kevin T. Shivers  NT & UNIX Systems Mutiliator
> Shivers Consulting  http://www.clark.net/pub/kts  kts () clark net
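
Added example, not code from any poster in this thread: a Python model of the setup discussed above, in which two constructed "servers" are reached through generic TCP plugs on one firewall name. It shows that a byte-copying plug hands the client the end server's key, and that a client filing keys under the name it dialed rejects the second site unless the port is part of that name. The name `fw`, the key bytes and every function name are assumptions made for illustration.

```python
import hashlib, socket, threading

def serve(handler):
    """Listen on an ephemeral loopback port and run handler(conn) per client."""
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def backend(host_key):
    """Stand-in for an sshd: sends its (constructed) host key, then closes."""
    def handler(conn):
        with conn:
            conn.sendall(host_key)
    return serve(handler)

def plug(target_port):
    """Generic TCP plug: copies backend bytes to the client unchanged (one way only)."""
    def handler(conn):
        with conn, socket.create_connection(("127.0.0.1", target_port)) as up:
            while data := up.recv(4096):
                conn.sendall(data)
    return serve(handler)

def fingerprint(port):
    """Connect, read until EOF, and return a SHA-256 fingerprint of the key."""
    buf = b""
    with socket.create_connection(("127.0.0.1", port)) as s:
        while chunk := s.recv(4096):
            buf += chunk
    return hashlib.sha256(buf).hexdigest()

def check(known, name, fp):
    """known_hosts-style check: True if the key is new or matches, False if changed."""
    return known.setdefault(name, fp) == fp

def demo():
    a, b = backend(b"constructed-key-sitea"), backend(b"constructed-key-siteb")
    pa, pb = plug(a), plug(b)            # two plug ports on the firewall "fw"
    by_host, by_port = {}, {}            # keyed by name only vs. "[name]:port"
    verdicts = []
    for port in (pa, pb):
        fp = fingerprint(port)
        verdicts.append((check(by_host, "fw", fp), check(by_port, f"[fw]:{port}", fp)))
    # Second value: key seen through the plug equals the key seen directly.
    return verdicts, fingerprint(pa) == fingerprint(a)
```

`demo()` returns `[(True, True), (False, True)]` and `True`: keyed by firewall name alone the second site looks like a changed key, while keying by `[fw]:port` (the form OpenSSH uses for non-default ports) keeps the two apart.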