hi list,

today i've got a problem while testing a system for rsyncing two systems via ssh.

the external ssh-server normally wants to get a request with a privileged port (eg. 1023). but i want to connect via my internal server which is masq. by my gateway/firewall. after this masq. the privileged request transforms into an unprivileged one...;-(

are there any ideas somewhere out there...;-)??

many thanks in advance,
bye
daniel
the external ssh-server normally wants to get request with a privileged port (eg. 1023). but i want to connect via my internal server which is masq. by my gateway/firewall. after this masq. the privileged request transforms into an unprivileged one...;-(
Usually the problem is the other way, you have to use the option for ssh to use an unprivileged port, to avoid packet filtering the privileged port connection. Why do you need a privileged port? Is it because you are using rhosts authentication?

If you made this work, you would have to hack the source, IP Masq uses very high port numbers, but changing that would probably blow a big hole in your network security.

Really you should bite the bullet, and set up public and private keys, to permit a user access avoiding being asked a password. Although the private key file is password protected, I've always copied it off the target machine, and deleted it. Once the agent has the keys added into it, rsync-ing and ssh-ing becomes painless.

Regards
Rob
* Daniel Quappe wrote on Wed, May 30, 2001 at 18:25 +0200:
the external ssh-server normally wants to get request with a privileged port (eg. 1023).
That's default if you haven't disabled the horrible rhosts authentication. Set it to no:

    RhostsAuthentication no
    RhostsRSAAuthentication no
    FallBackToRsh no

and SSH uses normal ports. Adjust firewalls if necessary.
after this masq. the privileged request transforms into an unprivileged one...;-(
usually the MASQ range is at

    #define PORT_MASQ_BEGIN 61000

which is tunable at kernel compile time. But usually you don't want to change this.

oki,
Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.
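Added example, not part of the original thread: a small Python audit that reports which of the three options named in the reply above are not explicitly set to "no" for a given host. It assumes the options live in a client configuration file with ssh_config-style syntax (Host blocks, first value obtained wins) and treats an unset option as not disabled; the host names and sample configuration are constructed.

```python
import fnmatch
import re

# Options named in the message above; each should end up as "no".
RHOSTS_OPTIONS = ("rhostsauthentication", "rhostsrsaauthentication", "fallbacktorsh")
LINE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")  # "Key value" or "Key=value"

def host_matches(patterns, host):
    """Host-line matching: '*' and '?' wildcards, a leading '!' negates."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_options(config_text, host):
    """Return {keyword: value} for host; the first value obtained wins."""
    active, seen = True, {}  # lines before the first Host line apply to every host
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())  # comments and blank lines do not match
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif active:
            seen.setdefault(key, value)
    return seen

def audit(config_text, host):
    """Rhosts-related options that are not explicitly 'no' for host."""
    opts = effective_options(config_text, host)
    # Assumption: an unset option counts as not disabled.
    return [o for o in RHOSTS_OPTIONS if opts.get(o, "unset").lower() != "no"]

# Constructed sample configuration (hypothetical host names).
SAMPLE = """\
Host backup.example.org
    RhostsAuthentication no
    RhostsRSAAuthentication=no
    FallBackToRsh no
Host *.example.org
    RhostsAuthentication yes
Host *
    FallBackToRsh no
"""

if __name__ == "__main__":
    for h in ("backup.example.org", "www.example.org"):
        print(h, audit(SAMPLE, h) or "rhosts methods disabled")
```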
participants (3)
- Daniel Quappe
- Robert Davies
- Steffen Dettmer