I use password authentication. Everything is the same except that I use scp
instead of ssh.

scp just hangs. I used the -v option and it gave me no errors. I've had
essentially the same problem across all the systems. I didn't let it sit
there that long, so I didn't wait long enough for timeout errors.

I think there is actually one difference between ssh and scp: scp sets the
TOS flag differently (or so I have read). Bering seems to let you set TOS
flags based on where the traffic is going. I did disable the flags for SSH,
but to no avail. I've read that there was a bug in kernels less than 2.4.2
where scp was derailed by the TOS code not properly computing a checksum
when it changed the TOS type of packets going through. But I have not
checked to see what kernel Bering uses.

I've done scp lots of times through firewalls before and so I find it really
puzzling. I just put a DNS server in the DMZ, so maybe I will give it
another spin.

Rick

On Mon, 15 Apr 2002, Ray Olszewski wrote:

> Rick -- I read through all 3 messages you posted, and from what you write
> there, scp *should* work. Whatever the problem, I'm doubtful that it is
> related to Bering, since to it, there is no visible difference between an
> ssh and an scp connection going through it. So ...
>
> I noticed that the one thing missing from your reports is a description of
> what the actual failures looked like. What errors does scp report at the
> originating end? Are the errors different on the Sun-Sid system and on the
> Win2K-CygWin system? Are there any relevant entries in the Bering-dmz
> system's logs?
>
> Also ... what sort of authentication are ssh and scp using on the dmz
> system? I'm used to using it (and scp) with userid/password authentication.
> If your Bering-dmz system uses, say, RSA authentication, there may be scp
> issues I'm not thinking of. (What issues? Beats me; if I knew, it wouldn't
> be something I'm not thinking of.)
>
> Third, just to be clear ... the successful ssh connections to the
> Bering-dmz Debian-Sid system from the Sun-Sid system and the unsuccessful
> scp connections between them do use the same userid, right? Same question
> for connections from the CygWin system. And the scp connections don't
> involve directories/files where there might be permissions problems with
> reading or writing (whichever way you are testing)?
>
>
> At 10:14 PM 4/14/02 -0700, Jeff Newmiller wrote:
> >On Fri, 12 Apr 2002, Rick Price wrote:
> >
> >> I'm having trouble getting scp to work through a Bering firewall (it
> >> hangs).
> >>
> >> I have no trouble whatsoever with ssh.
> >>
> >> I have only tried to scp things from the outside into a machine in the
> >> dmz, and from the internal network into the dmz. No other incoming
> >> connections are allowed.
> >>
> >> I tried removing the ssh entries for TOS, but that did not seem to fix
> >> things.
> >>
> >> A friend had it work once with no problems from freeshell.org. But it now
> >> seems broken.
> >>
> >> I have used scp a lot before with no problems (but not with Bering). So
> >> far I have tried it from Debian Testing and OpenSSH on Solaris 8.
> >>
> >> My Bering firewall is configured to allow everything out from the internal
> >> network (both external network, and into dmz).
> >>
> >> Allow one port (tcp 1966) into the dmz from the Internet to port 22 on a
> >> machine inside.
> >>
> >> The outside network and the dmz are not allowed into the internal network.
> >>
> >> The dmz is allowed out.
> >>
> >> Does anyone else have these problems, or am I missing something?
> >
> >I don't use scp from outside a firewall... but scp passes through a single
> >ssh tunnel, so if ssh works, the networking portion of scp should work,
> >and Bering should have absolutely nothing to do with it.
> >
> >I would review the names for your hosts... each endpoint should be able to
> >identify the other. To eliminate name resolution from the picture for
> >troubleshooting, use ip addresses in your file-specifications.
> >
> >Also, confirm that scp is installed and working on each end. Try ssh'ing
> >to the other end, and scp'ing from there. Also try the -v option.
> >
> >---------------------------------------------------------------------------
> >Jeff Newmiller
> >DCN:<[EMAIL PROTECTED]>
> >Research Engineer (Solar/Batteries/Software/Embedded Controllers)
> >---------------------------------------------------------------------------
>
> --
> "Never tell me the odds!" -- Han Solo
> Ray Olszewski
> Palo Alto, CA [EMAIL PROTECTED]

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
