Re: apache-ssl/woody cannot handle password protected keys?
Hi,

> Here comes the trick... it does work...
>
> > # /usr/sbin/apache-sslctl start
> > Reading key for server my.server:443
> > Enter PEM pass phrase:
>
> You are supposed to type in the passphrase at this point... within the 5-10 seconds that are provided to you in the script
>
> It's supposed to be getting the passphrase from somewhere... and YOU need to type it here. :)

thanks for the hint, but I *did* type the passphrase here :-) And I am sure that the passphrase is correct. If I supply a bad passphrase, then I get the error message

    Bad passphrase - try again

When I type the correct passphrase, then, at a first glance, everything seems ok:

    Launching... /usr/lib/apache-ssl/gcache pid=22730
    /usr/sbin/apache-sslctl start: httpsd started

Nevertheless the server does not work. And that's my problem.

Cheers, Thomas

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

port-forward ssh
Hi,

I'm trying to setup a machine to handle cvs over ssh with public-key authentication, for an open-source project. The OS is debian-testing. A linksys cable/dsl modem acts as router, switch, and NAT agent between the local network and the outside world. I have the linksys set to port-forwarding for port 22 and 'dmz' for the cvs server.

Everything works as long as I'm connecting from inside the local network, even using the outside IP address. When I try to connect actually from outside, ssh -v says the initial port-forward happens, but then the connection times out. I set the timeout period in sshd_config to 1800, with no effect.

I've been looking at web pages, the ssh book, and a book on firewalls, but there's something here I don't understand. Does anyone have a suggestion on what I can do to figure this out?

thanks,
Joan

Re: apache-ssl/woody cannot handle password protected keys?
One solution which I use is this... I have both my cert.pem and cert.key file in a directory... I then run the following:

    openssl x509 -in cert.pem -out /etc/apache/ssl.crt/server.crt
    openssl rsa -in cert.key -out /etc/apache/ssl.key/server.key
    chown root:root /etc/apache/ssl.key/server.key
    chmod 0600 /etc/apache/ssl.key/server.key

This allows me to restart apache without incident...

Jeremy

On Mon, Feb 25, 2002 at 03:30:08PM +0100, Thomas Gebhardt wrote:
> Hi,
>
> just upgraded a host from potato to woody, I observed that my apache-ssl failed to work. Well, it actually starts but goes down immediately:
>
>     # /usr/sbin/apache-sslctl start
>     Reading key for server my.server:443
>     Enter PEM pass phrase:
>     Launching... /usr/lib/apache-ssl/gcache pid=22730
>     /usr/sbin/apache-sslctl start: httpsd started
>
> or similarly:
>
>     # /etc/init.d/apache-ssl start
>     Starting web server: apache-sslReading key for server my.server:443
>     Enter PEM pass phrase:
>     Launching... /usr/lib/apache-ssl/gcache pid=22999
>     .
>
> The error log says:
>
>     [Mon Feb 25 15:20:36 2002] [crit] (22)Invalid argument: Error reading private key file /etc/apache-ssl/secret.key:
>     [Mon Feb 25 15:20:36 2002] [crit] error:0906406D:PEM routines:DEF_CALLBACK:problems getting password
>     [Mon Feb 25 15:20:36 2002] [crit] error:0906A068:PEM routines:PEM_do_header:bad password read
>
> My PEM pass phrase is ok; in case of a typo I get something like:
>
>     # /usr/sbin/apache-sslctl start
>     Reading key for server my.server:443
>     Enter PEM pass phrase:
>     Bad passphrase - try again
>
> When I remove the passphrase from /etc/apache-ssl/secret.key (such that it is only protected by its file permissions) then apache-ssl works fine.
>
> I also tried apache-ssl from unstable (1.3.23.1+1.45-1) which gives the same results.
>
> I would appreciate any hints! Is it my fault or is this a bug (a feature?) within apache-ssl?
>
> Thanks, Thomas

Re: webhosting
At 05:30 PM 2/23/2002, Rishi L Khan wrote:
> > My imagine:
> > 1. Apache with PHP, and some cgi could be enabled (perl, etc.)
> > 2. FTP for each Apache web
>
> Use ssh and scp or sftp instead.
>
> > 3. Some e-mails for each web (better with webmail+antivir)
>
> IMAP or POP3 over SSL ...
>
> > 4. Primary DNS server for each web
>
> Only one DNS server serves all the web domains. Look into chrooting BIND.

For secure DNS service, I suggest djbdns. It's much more secure than BIND. Much!!

Jer

Re: webhosting
On Mon, Feb 25, 2002 at 02:18:29PM -0700, Jerry Lynde wrote:
> True, true... But Michael was asking for secure, not non-anal licensing... I don't expect he was gonna try and hack BIND or djbdns or anything else... shrug
>
> I just wouldn't suggest anyone use BIND in the same sense that I wouldn't suggest they ride a Harley naked on snow-packed icy roads... something bad's bound to happen...

Does it have to be a Harley?

--
Share and Enjoy.

Re: webhosting
There is a couple of interesting answers, but nothing to help me with my imagine, but I am (maybe) too exacting to find a real (little more described) way to setup the webhosting with my needs. Anyway, is there any doc or something what can help me setup webhosting by my imagine? Below is copy of my original mail.

I think here must be a lot of admins with this type of hosting, share your practice... maybe private?

Regards
Michal Novotny

--cut--
Hello all!

I would want to have my own webhosting (for friends etc.), could someone help me how to set up a debian for it, if there is better have for each web special user or what?

My imagine:
1. Apache with PHP, and some cgi could be enabled (perl, etc.)
2. FTP for each Apache web
3. Some e-mails for each web (better with webmail+antivir)
4. Primary DNS server for each web
5. there will be (for now) only 8 webs (domains) and 21 emails

Is there change to make it best secure? So, there will be only my friends, but I want to be careful. I am not new in the Linux, and I have this server already, but only for html web (which runs one user without suexec) and some free ftp for virtual domains. But it is not all real Debian packages and I think it is not too much secure :-(. So, I want it setup again clean.

Thank you for any message.

Regards
Michal Novotny
--cut--

Re: PPPoverEthernet vs. PPPoverATM
Hello,

This is actually not true. PPPoE transports the ppp frame between the pppoe client and the adsl box, which will decapsulate the ethernet header and will send back the ppp frame encapsulated in ATM cell, so, no additional overhead. The fact to use or not the routing facility of the alcatel box is another possibility, definitively.

JeF

On Fri, Feb 22, 2002 at 04:47:02PM +0100, VERBEEK, Francois wrote:
> Note that PPPoE is anyway encapsulated in ATM so you eventually get an additional (and useless) overhead. Some say you never feel it, others say you do. Anyway, to avoid unnecessary encapsulation is always an advantage. The hack of Alcatel SpeedTouch home to SpeedTouch Pro is worth it, seeing as you avoid such an additional encapsulation.
>
> BTW, a SpeedTouch home changed to a SpeedTouch pro does not offer any open port (doesn't even respond to ping) so it may be considered as quite secure (if you don't define a default internal server in the NAT parameters).
>
> http://www.sateh.com (if I remember well)
>
> -Original Message-
> From: Jean-Francois Dive [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, February 21, 2002 2:17 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: PPPoverEthernet vs. PPPoverATM
>
> Hello,
>
> The adsl protocol is based on ATM anyhow. ATM cells leave the CPE (the thing which has the phone line in) to reach the local DSLAM which aggregates multiple clients and then goes in a WAN which may be quite a lot of things. The question to know if you have to run pppoe or pppoatm is to know how you'll connect to the phone line: for example, if you have an ADSL pci card or a USB modem, then the ATM session will be started on the PC running this adapter, so you need to have ATM and pppoatm support in linux. This is doable, depending on the card you have, I configured it successfully on a debian + alcatel speedtouch USB.
>
> In your scheme, you'll need the cisco to run a pppoe client service, to start the ppp connection from there. Cisco support for pppoe has been introduced in 12.1 or 12.1T if I remember correctly and is in the stable (well stable ..) 12.2 main train. The thing is that I am sure the feature exists for the 827, but am definitively not sure for the 2500. In all cases, a simple debian box with 2 cards will give you the same features and more.
>
> hope that helps,
>
> JeF
>
> On Thu, Feb 21, 2002 at 08:56:55AM +0100, [EMAIL PROTECTED] wrote:
> > I'm about to turn to ADSL connection to Internet and I'm taking in consideration all the choices the Provider offers. I was surprised in seeing they offer an ADSL service not only using the PPP-over-Eth protocol, but also with the PPP-over-ATM. So my question is: if I choose the second system, does debian support it? what is the best configuration (I think I will use the following hardware: ADSL modem + Cisco 25xx router through Ethernet cable connection)?
> >
> > Thanx in advance!
> >
> > §§ GNU/Debian Linux RULES anyhow!
>
> --
> - Jean-Francois Dive
> -- [EMAIL PROTECTED]

--
- Jean-Francois Dive
-- [EMAIL PROTECTED]

Re: port-forward ssh
You should probably check first that the ssh request reaches the server inside, through the portforwarded address, check if sshd spawns a new process, this should give you some hints about the problem. Could be reverse lookup dns, firewall restriction, etc...

JeF

On Mon, Feb 25, 2002 at 11:57:40AM -0500, Joan M Friedman wrote:
> Hi,
>
> I'm trying to setup a machine to handle cvs over ssh with public-key authentication, for an open-source project. The OS is debian-testing. A linksys cable/dsl modem acts as router, switch, and NAT agent between the local network and the outside world. I have the linksys set to port-forwarding for port 22 and 'dmz' for the cvs server.
>
> Everything works as long as I'm connecting from inside the local network, even using the outside IP address. When I try to connect actually from outside, ssh -v says the initial port-forward happens, but then the connection times out. I set the timeout period in sshd_config to 1800, with no effect.
>
> I've been looking at web pages, the ssh book, and a book on firewalls, but there's something here I don't understand. Does anyone have a suggestion on what I can do to figure this out?
>
> thanks,
> Joan

--
- Jean-Francois Dive
-- [EMAIL PROTECTED]

Re: apache-ssl/woody cannot handle password protected keys?
Hi,

> One solution which I use is this... I have both my cert.pem and cert.key file in a directory... I then run the following:
>
>     openssl x509 -in cert.pem -out /etc/apache/ssl.crt/server.crt
>     openssl rsa -in cert.key -out /etc/apache/ssl.key/server.key
>     chown root:root /etc/apache/ssl.key/server.key
>     chmod 0600 /etc/apache/ssl.key/server.key
>
> This allows me to restart apache without incident...

thank you for the hint. But this is a workaround and not a real solution. Yes, it works for me, too:

> > When I remove the passphrase from /etc/apache-ssl/secret.key (such that it is only protected by its file permissions) then apache-ssl works fine.

This is, however, not really an option for me since I am required (by the policy of the CA) to protect the server key by a nontrivial passphrase.

Cheers, Thomas

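The trade-off in the two messages above (a passphrase-protected key versus one guarded only by `chown root:root` and `chmod 0600`) can be checked mechanically. This is an added example, not code from any poster or from apache-ssl; the function names and the sample key files are constructed for illustration, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the thread): report how a PEM private key is protected.
# Needs grep and GNU stat (stat -c, as shipped on Debian).

# Print "encrypted", "plaintext" or "unknown", judged from the PEM armour only.
pem_key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted      # PKCS#8 container, passphrase required
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # traditional OpenSSL key with a passphrase
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo plaintext      # what "openssl rsa -in ... -out ..." writes
    else
        echo unknown
    fi
}

# audit_key FILE [UID]: return 0 when mode and owner match the thread's
# chown root:root / chmod 0600 advice, 1 otherwise. UID defaults to 0 (root).
audit_key() {
    key=$1
    want_uid=${2:-0}
    rc=0
    mode=$(stat -c '%a' "$key")
    uid=$(stat -c '%u' "$key")
    case $mode in
        400|600) ;;
        *) echo "WARN $key: mode $mode, expected 600 or 400"; rc=1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "WARN $key: owner uid $uid, expected $want_uid"; rc=1
    fi
    case $(pem_key_state "$key") in
        plaintext) echo "NOTE $key: no passphrase, file permissions are the only protection" ;;
        encrypted) echo "NOTE $key: passphrase-protected, the server prompts at start" ;;
        *) echo "WARN $key: no PEM private key found"; rc=1 ;;
    esac
    return $rc
}

# Write a constructed sample key file (placeholder body, not real key material).
# make_sample FILE HEADER-LABEL [EXTRA-HEADER-LINE]
make_sample() {
    {
        echo "-----BEGIN $2-----"
        [ -n "$3" ] && printf '%s\n\n' "$3"
        echo "Q09OU1RSVUNURUQ="
        echo "-----END $2-----"
    } > "$1"
}

# Run the audit over two constructed files owned by the current user.
demo() {
    dir=$(mktemp -d)
    make_sample "$dir/with-pass.key" "RSA PRIVATE KEY" "Proc-Type: 4,ENCRYPTED"
    make_sample "$dir/no-pass.key" "RSA PRIVATE KEY"
    chmod 0600 "$dir/with-pass.key"
    chmod 0644 "$dir/no-pass.key"   # the case to catch: plaintext and world-readable
    audit_key "$dir/with-pass.key" "$(id -u)"
    audit_key "$dir/no-pass.key" "$(id -u)" || true   # expected to fail the audit
    rm -rf "$dir"
}
demo
```

On a real host, `audit_key /etc/apache-ssl/secret.key` (path as given in the thread) checks against uid 0 by default.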
apache-ssl/woody cannot handle password protected keys?
Hi,

just upgraded a host from potato to woody, I observed that my apache-ssl failed to work. Well, it actually starts but goes down immediately:

    # /usr/sbin/apache-sslctl start
    Reading key for server my.server:443
    Enter PEM pass phrase:
    Launching... /usr/lib/apache-ssl/gcache pid=22730
    /usr/sbin/apache-sslctl start: httpsd started

or similarly:

    # /etc/init.d/apache-ssl start
    Starting web server: apache-sslReading key for server my.server:443
    Enter PEM pass phrase:
    Launching... /usr/lib/apache-ssl/gcache pid=22999
    .

The error log says:

    [Mon Feb 25 15:20:36 2002] [crit] (22)Invalid argument: Error reading private key file /etc/apache-ssl/secret.key:
    [Mon Feb 25 15:20:36 2002] [crit] error:0906406D:PEM routines:DEF_CALLBACK:problems getting password
    [Mon Feb 25 15:20:36 2002] [crit] error:0906A068:PEM routines:PEM_do_header:bad password read

My PEM pass phrase is ok; in case of a typo I get something like:

    # /usr/sbin/apache-sslctl start
    Reading key for server my.server:443
    Enter PEM pass phrase:
    Bad passphrase - try again

When I remove the passphrase from /etc/apache-ssl/secret.key (such that it is only protected by its file permissions) then apache-ssl works fine.

I also tried apache-ssl from unstable (1.3.23.1+1.45-1) which gives the same results.

I would appreciate any hints! Is it my fault or is this a bug (a feature?) within apache-ssl?

Thanks, Thomas

Re: apache-ssl/woody cannot handle password protected keys?
On Mon, 2002-02-25 at 15:30, Thomas Gebhardt wrote:
> Hi,
>
> just upgraded a host from potato to woody, I observed that my apache-ssl failed to work.

Here comes the trick... it does work...

> # /usr/sbin/apache-sslctl start
> Reading key for server my.server:443
> Enter PEM pass phrase:

You are supposed to type in the passphrase at this point... within the 5-10 seconds that are provided to you in the script

It's supposed to be getting the passphrase from somewhere... and YOU need to type it here. :)

> Launching... /usr/lib/apache-ssl/gcache pid=22730
> /usr/sbin/apache-sslctl start: httpsd started

--
Mark Janssen
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl
GnuPG Key Id: 357D2178
Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[com|net|org|nl] SyConOS.[com|nl]

Re: webhosting
Quoting Jerry Lynde ([EMAIL PROTECTED]):
> For secure DNS service, I suggest djbdns. It's much more secure than BIND. Much!!

It also has a much more anal license (much!!)

Greets,
Robert

--
Linux Generation
encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key.
Sodomy is a pain in the ass.

Re: webhosting
At 12:15 PM 2/25/2002, Robert wrote:
> Quoting Jerry Lynde ([EMAIL PROTECTED]):
> > For secure DNS service, I suggest djbdns. It's much more secure than BIND. Much!!
>
> It also has a much more anal license (much!!)
>
> Greets,
> Robert

True, true... But Michael was asking for secure, not non-anal licensing... I don't expect he was gonna try and hack BIND or djbdns or anything else... shrug

I just wouldn't suggest anyone use BIND in the same sense that I wouldn't suggest they ride a Harley naked on snow-packed icy roads... something bad's bound to happen... ;o)

Jer

Re: webhosting
Quoting Jerry Lynde ([EMAIL PROTECTED]):
> At 12:15 PM 2/25/2002, Robert wrote:
> > It also has a much more anal license (much!!)
>
> True, true... But Michael was asking for secure, not non-anal licensing... I don't expect he was gonna try and hack BIND or djbdns or anything else... shrug

Nahh, but we're still on a debian list here, and advising to use something that has a license like this.. :)

> I just wouldn't suggest anyone use BIND in the same sense that I wouldn't suggest they ride a Harley naked on snow-packed icy roads... something bad's bound to happen...

I'm still under the impression that it's quite possible to do a reasonably secure bind install. Bind9 has some nice security-related features, and a completely rewritten codebase (as opposed to bind8). I'm not sure what insecurities you'd impose upon yourself by installing it..

Greets,
Robert

--
Linux Generation
encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key.
In any case, never let yourself be intimidated by a loudly barking lawyer.
