SSH: Selecting a non-priviliged port for scp
Hi! we have problems here because our firewall blocks connection from priviliged ports from inside the DMZ to the internet. When using ssh I can give the option "-P" so ssh connects from a non-priviliged port. But this option is missing in scp (-P in scp does something else). Any clue how I can change the behaviour of scp? OK: Yes, I know, this email has an HTML attachment. Because we are forced to use Exchange, I can suppress it. Sorry! -- i.A. Dipl.-Inf. Boris Klug, boris.klug@ibs-ag.de, http://www.ibs-ag.de/ IBS AG engineering consulting software, The Quality Company Rathausstraße 56, 56203 Höhr-Grenzhausen, Fon: 02624/9180-125, Fax: -200
Hello Klug, Boris! On Mon, Nov 13, 2000 at 01:13:44PM +0100, Klug, Boris wrote:
we have problems here because our firewall blocks connection from priviliged ports from inside the DMZ to the internet. When using ssh I can give the option "-P" so ssh connects from a non-priviliged port. But this option is missing in scp (-P in scp does something else).
Any clue how I can change the behaviour of scp?
Excerpt from the scp-manpage: -L Use non privileged port. With this you cannot use rhosts or rsarhosts authentications, but it can be used to bypass some firewalls that dont allow privi leged source ports to pass. Same as saying "-o UsePriviledgePort=no" or -P to ssh; -L is used due to exhaustion of suitable letters. Hope that helps Johannes Geiger
Hi!
we have problems here because our firewall blocks connection from priviliged ports from inside the DMZ to the internet. When using ssh I can give the option "-P" so ssh connects from a non-priviliged port. But this option is missing in scp (-P in scp does something else).
Any clue how I can change the behaviour of scp?
OK: Yes, I know, this email has an HTML attachment. Because we are forced to use Exchange, I can suppress it. Sorry!
There is an easy solution for this: chmod -s /usr/bin/ssh (also change it
in /etc/permissions !). scp is a frontend for ssh, or, in other words, scp
calls ssh to do the network and authentication work.
Thanks,
Roman.
--
- -
| Roman Drahtmüller
participants (3)
-
Johannes Geiger -
Klug, Boris -
Roman Drahtmueller