[opensuse] ssh through a firewall
On 07/31/2014 09:13 AM, Roger Oberholtzer wrote:
I get the initial ssh questions about the host, and then the password prompt. However, my password is not accepted.
Did you compare the fingerprint? I.e., are you sure you got thru to your final host?
I thought that as well. There should be no machines between. If I was not getting to the actual destination at all, I would expect no ssh info and password prompt. -- Roger Oberholtzer
On 31-07-14 09:30, Roger Oberholtzer wrote:
On 07/31/2014 09:13 AM, Roger Oberholtzer wrote:
I get the initial ssh questions about the host, and then the password prompt. However, my password is not accepted.
Did you compare the fingerprint? I.e., are you sure you got thru to your final host?
I thought that as well. There should be no machines between. If I was not getting to the actual destination at all, I would expect no ssh info and password prompt.
-- Roger Oberholtzer
Roger, That firewall-device probably has its own ssh-daemon on board. That's what is answering to your connection. It should do port-forwarding of your ssh-port to your destination. Maybe it should not be standard port 22 but some other, so the firewall-device remains accessible at port 22. My thoughts. Koenraad.
On 31/07/2014 10:09, Koenraad Lelong wrote:
That firewall-device probably has its own ssh-daemon on board. That's what is answering to your connection. It should do port-forwarding of your ssh-port to your destination. Maybe it should not be standard port 22 but some other, so the firewall-device remains accessible at port 22.
it's also what I think, needs a port forwarding jdd -- http://www.dodin.org
On 07/31/2014 11:44 AM, jdd wrote:
it's also what I think, needs a port forwarding
Not necessarily: it's not clear what the network looks like. You only need port-forwarding if that device is a firewall-router using NAT, i.e. when the outside SSH client doesn't know the IP of the target host behind the firewall. It could as well be "normal" networks fully accessible by both sides ... unless the firewall in between blocks. Have a nice day, Berny
On 07/31/2014 04:09 AM, Koenraad Lelong wrote:
That firewall-device probably has its own ssh-daemon on board. That's what is answering to your connection. It should do port-forwarding of your ssh-port to your destination. Maybe it should not be standard port 22 but some other, so the firewall-device remains accessible at port 22.
That makes sense to me. I have a Netgear f/w-switch-router which works that way. It is an important difference and one that might easily be overlooked by your people at the 11.2 end. Perhaps you can tell from the prompt. I'd expect the prompt presented by the firewall-ssh to be different from the host-ssh.
On Thursday, 31 July 2014, 09:03:13, Anton Aylward wrote:
On 07/31/2014 04:09 AM, Koenraad Lelong wrote:
That firewall-device probably has its own ssh-daemon on board. That's what is answering to your connection. It should do port-forwarding of your ssh-port to your destination. Maybe it should not be standard port 22 but some other, so the firewall-device remains accessible at port 22.
That makes sense to me. I have a Netgear f/w-switch-router which works that way. It is an important difference and one that might easily be overlooked by your people at the 11.2 end.
Perhaps you can tell from the prompt. I'd expect the prompt presented by the firewall-ssh to be different from the host-ssh.
I'd in particular expect the ssh host key not to match if you get connected to the wrong ssh server.
On 07/31/2014 09:14 AM, Rolf Krahl wrote:
On Thursday, 31 July 2014, 09:03:13, Anton Aylward wrote:
On 07/31/2014 04:09 AM, Koenraad Lelong wrote:
That firewall-device probably has its own ssh-daemon on board. That's what is answering to your connection. It should do port-forwarding of your ssh-port to your destination. Maybe it should not be standard port 22 but some other, so the firewall-device remains accessible at port 22.
That makes sense to me. I have a Netgear f/w-switch-router which works that way. It is an important difference and one that might easily be overlooked by your people at the 11.2 end.
Perhaps you can tell from the prompt. I'd expect the prompt presented by the firewall-ssh to be different from the host-ssh.
I'd in particular expect the ssh host key not to match if you get connected to the wrong ssh server.
Very true, but I'd take the prompt as something very visible. While the "-vvv" is a great idea and will show what the protocol exchange is doing and why that fails, the prompt is an up-front and very visible indicator. Of course the prompt might be configured to be uninformative and the same no matter what's going on...
On 31/07/2014 15:38, Anton Aylward wrote:
Of course the prompt might be configured to be uninformative and the same no matter what's going on...
modern ssh gives an ascii art of the key, just for convenience :-) jdd -- http://www.dodin.org
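The fingerprint comparison suggested in the thread, as an added example that is not part of any poster's message: it computes the fingerprint ssh would display for a host key (older OpenSSH clients print the colon-separated MD5 form, newer ones the SHA256 form) and checks whether the sshd that answered is the destination or some other daemon, such as one on the firewall device. The key lines, host names and function names are constructed for illustration; in practice the expected line would come from the destination's `/etc/ssh/ssh_host_*_key.pub` and the presented one from `ssh-keyscan`.

```python
import base64
import hashlib
import struct

def parse_key_line(line):
    """Return (key_type, blob) from a .pub, known_hosts or ssh-keyscan line."""
    fields = line.split()
    # A key blob starts with the 4-byte length of a short type name, so its base64 starts "AAAA".
    idx = next((i for i, f in enumerate(fields) if f.startswith("AAAA")), 0)
    if idx == 0:
        raise ValueError("no '<type> <base64>' pair found")
    key_type, blob = fields[idx - 1], base64.b64decode(fields[idx], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match the blob")
    return key_type, blob

def fingerprints(line):
    """Return the (SHA256, MD5) fingerprints ssh would display for this key."""
    _, blob = parse_key_line(line)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    hexmd5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(hexmd5[i:i + 2] for i in range(0, 32, 2))
    return "SHA256:" + sha, "MD5:" + md5

def same_server(expected_line, presented_line):
    """True only if the answering sshd presented the destination's own key."""
    return parse_key_line(expected_line)[1] == parse_key_line(presented_line)[1]

def make_ed25519_line(raw32, prefix="", comment=""):
    """Build a sample key line from 32 constructed bytes (not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + raw32
    return f"{prefix} ssh-ed25519 {base64.b64encode(blob).decode()} {comment}".strip()

# Constructed samples: the destination's .pub file, and what two listeners present.
DEST_PUB = make_ed25519_line(bytes(range(32)), comment="root@destination")
SCAN_PORT_22 = make_ed25519_line(bytes(range(32, 64)), prefix="gateway.example")
SCAN_PORT_2222 = make_ed25519_line(bytes(range(32)), prefix="[gateway.example]:2222")

if __name__ == "__main__":
    print("expected :", *fingerprints(DEST_PUB))
    for label, scan in (("port 22", SCAN_PORT_22), ("port 2222", SCAN_PORT_2222)):
        verdict = "destination" if same_server(DEST_PUB, scan) else "some other sshd"
        print(f"{label:9}:", fingerprints(scan)[0], "->", verdict)
```

A mismatch on port 22 with a match on the forwarded port is the pattern the thread describes: the firewall's own daemon answers on 22 while the forwarded port reaches the real host.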
participants (6): Anton Aylward, Bernhard Voelker, jdd, Koenraad Lelong, Roger Oberholtzer, Rolf Krahl