SSH Port forwarding when PermitRootLogin==no ?

2008-10-27 Thread Kevin Kinsey
Hello,

I'm (still) trying to work around a limitation I've encountered
with a new service provider (cf. MTA on non-standard port).

As root:
 # ssh -L 24:server:52525 server

   fails because root logins aren't permitted in
/etc/sshd_config on the server.

Also as root:
 # ssh -L 24:server:52525 [EMAIL PROTECTED]

fails - a terminal session is established, but
when I telnet localhost:24 I receive this in the
terminal:
   
channel 3: open failed: administratively prohibited: open failed

I was kinda under the impression this should work, since
the port on the remote server is a dynamic port.

Any suggestions how I might get this to work?

TIA,

Kevin Kinsey
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: SSH Port forwarding when PermitRootLogin==no ?

2008-10-27 Thread Pollywog
On Monday 27 October 2008 17:04:46 Kevin Kinsey wrote:
> Hello,
>
> I'm (still) trying to work around a limitation I've encountered
> with a new service provider (cf. MTA on non-standard port).
>
> As root:
>  # ssh -L 24:server:52525 server
>
>    fails because root logins aren't permitted in
> /etc/sshd_config on the server.
>
> Also as root:
>  # ssh -L 24:server:52525 [EMAIL PROTECTED]
>
> fails - a terminal session is established, but
> when I telnet localhost:24 I receive this in the
> terminal:
>
> channel 3: open failed: administratively prohibited: open failed
>
> I was kinda under the impression this should work, since
> the port on the remote server is a dynamic port.
>
> Any suggestions how I might get this to work?

I have the same problem with my ISP blocking port 25 inbound and outbound, so 
I use a DNS provider that will relay my email (email for a domain) to me on an 
alternate port.  I don't recall how much this costs me but it is around $40 
yearly.



Re: SSH Port forwarding when PermitRootLogin==no ?

2008-10-27 Thread Jeremy Chadwick
On Mon, Oct 27, 2008 at 12:04:46PM -0500, Kevin Kinsey wrote:
> Hello,
>
> I'm (still) trying to work around a limitation I've encountered
> with a new service provider (cf. MTA on non-standard port).
>
> As root:
>  # ssh -L 24:server:52525 server
>
>    fails because root logins aren't permitted in
> /etc/sshd_config on the server.

I recently discussed how to deal with this in a manner that does not
involve compromising root's security:

1) Make a public key on the machine you're doing ssh -L 24:server:52525 server
   from.  Run ssh-keygen as root
2) Place contents of /root/.ssh/id_rsa.pub in /root/.ssh/authorized_keys
   on server.  Make sure the /root/.ssh directory is perm 0700,
   and authorized_keys is perm 0600.
3) On server, edit /etc/ssh/sshd_config and change this line:

#PermitRootLogin no

...to:

PermitRootLogin without-password

4) Send a SIGHUP signal to the master sshd process.  This might
disconnect any existing SSH sessions to the machine:

kill -HUP `cat /var/run/sshd.pid`

If you're concerned about what without-password does, read the man
page.  It WILL NOT let people SSH into the root account, UNLESS they
have the private key (on server).

> Also as root:
>  # ssh -L 24:server:52525 [EMAIL PROTECTED]
>
> fails - a terminal session is established, but
> when I telnet localhost:24 I receive this in the
> terminal:
>
> channel 3: open failed: administratively prohibited: open failed

No idea what the channel 3: open failed part means, but the latter
likely implies firewalling rules of some kind on the local machine.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |

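The sshd_config handling behind steps 3 and 4 above, and the "administratively prohibited" message from the second command, as an added example that is not part of the thread: a small POSIX shell script that reads an sshd_config the way sshd does (the first value seen for a keyword wins, later repeats are ignored, keywords are case-insensitive, a line whose first word starts with "#" is a comment, so "#PermitRootLogin no" is inert) and reports the effective PermitRootLogin and AllowTcpForwarding values. The config it parses is constructed for the demonstration and the function names are my own; nothing here touches a real server.

```shell
#!/bin/sh
# Added example, not code from the thread.  Reads an sshd_config with
# sshd's own rules: first obtained value per keyword wins, keywords are
# case-insensitive, "Keyword=value" is accepted, a line whose first word
# starts with "#" is a comment.  Only the global section is read; the
# first Match block ends the scan (sshd -T shows the full picture).

# sshd_effective FILE KEYWORD DEFAULT
#   prints the value sshd would use for KEYWORD, or DEFAULT when the
#   file does not set it (the compiled-in default differs between
#   OpenSSH versions and vendors, so it is passed in explicitly)
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        {
            line = $0
            sub(/=/, " ", line)           # accept "Keyword=value"
            n = split(line, f)
            if (n < 2) next               # blank or bare keyword
            if (f[1] ~ /^#/) next         # comment line
            k = tolower(f[1])
            if (k == "match") exit        # end of the global section
            if (k == tolower(key) && !found) { found = 1; val = f[2] }
        }
        END { print (found ? val : def) }
    ' "$1"
}

# root_login_policy FILE
#   "without-password" (spelled prohibit-password in newer OpenSSH)
#   lets root in only with a non-password method such as a public key
root_login_policy() {
    case "$(sshd_effective "$1" PermitRootLogin yes)" in
        yes)                  echo "root: password and key logins" ;;
        without-password|prohibit-password)
                              echo "root: key-only" ;;
        forced-commands-only) echo "root: key-only, forced commands" ;;
        no)                   echo "root: refused" ;;
        *)                    echo "root: unknown value" ;;
    esac
}

# forwarding_policy FILE
#   With AllowTcpForwarding no, sshd still gives you a shell but answers
#   every -L/-R channel open with "administratively prohibited"
forwarding_policy() {
    v=$(sshd_effective "$1" AllowTcpForwarding yes)
    case "$v" in
        yes)          echo "forwarding: allowed" ;;
        no)           echo "forwarding: refused (administratively prohibited)" ;;
        local|remote) echo "forwarding: $v only" ;;
        *)            echo "forwarding: unknown value '$v'" ;;
    esac
}

# Constructed sample config for the demonstration; not a real server's file.
# The second PermitRootLogin line and the Match-block AllowTcpForwarding
# line are both ignored by sshd, and so by sshd_effective.
CFG=$(mktemp) || exit 1
trap 'rm -f "$CFG"' EXIT
cat > "$CFG" <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin without-password
PermitRootLogin yes
AllowTcpForwarding=no
Match User kevin
    AllowTcpForwarding yes
EOF

root_login_policy "$CFG"   # root: key-only
forwarding_policy "$CFG"   # forwarding: refused (administratively prohibited)
```

The "administratively prohibited" text is the server's answer to the client's channel-open request (SSH_OPEN_ADMINISTRATIVELY_PROHIBITED in RFC 4254); OpenSSH sshd returns it when AllowTcpForwarding is no or a PermitOpen line excludes the requested target. Since the session had already been authenticated when the message appeared, that server-side setting is worth checking before the local firewall. On the server itself, `sshd -T` prints the effective configuration, Match blocks included.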