On 11 Feb 1999,
  Paul Wayper <[EMAIL PROTECTED]> wrote:
| I'm trying to run a secure shell connection through a firewall.  I have
| access to the firewall machine and I have SSH1 and 2 running on it.  I can
| connect from there to my destination, but I want to avoid having to telnet
| insecurely to the firewall (albeit that the environment inside our firewall
| is considerably more trustworthy).

We run socks on the firewall, and build a socks-enabled ssh.

Another approach is to have the firewall do IP masquerade (aka NAT)
and just have a route to the outside world (this works at home for me).

A third choice is the two-hop approach; ssh to the firewall and instead
of running a shell there, exec an ssh to your target. Put the -t option
in the first ssh and it will work fine; this is how I get into work
from home - "ssh -t" to our firewall (which port-forwards me through to
the locked down interior machine, which is better than the firewall as
a terminus for visitors) and run the command "exec ssh sid" there:

        ssh -t our-firewall exec ssh sid

and lo, I have a shell on my personal machine. You'll want to set up
ssh-agent first, otherwise you'll have to type a pass-phrase for each
hop, very tedious.

I have this handily in a script; I just say "work" from my home shell and it
all just happens.

| Is there a way I can enable this in the SSHD, or is this completely
| incompatible with SSH's structure?

You don't need to muck with sshd at all.

Cheers,
--
Cameron Simpson, DoD#743        [EMAIL PROTECTED]        http://www.zip.com.au/~cs/

There is no reason anyone would want a computer in their home.
      --Ken Olson, president, chairman and founder of Digital
        Equipment Corp.,  1977
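
An added example, not Cameron Simpson's own script: a "work" wrapper for the two-hop login described in the message, which checks ssh-agent before connecting and refuses host names the firewall's shell could misread. It assumes current OpenSSH, where agent forwarding must be requested with -A; the function names are hypothetical, and our-firewall and sid are the host names used in the message.

```shell
#!/bin/sh
# Added example: install as "work". Host names default to those in the message.
FIREWALL=${FIREWALL:-our-firewall}
TARGET=${TARGET:-sid}

# Accept only plain host names. The second hop is passed as a command string
# to the firewall's shell, so metacharacters or a leading "-" must not get in.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Map the exit status of `ssh-add -l` to a state:
# 0 = keys loaded, 1 = agent running but empty, 2 = no agent reachable.
agent_state() {
    case "$1" in
        0) echo ready ;;
        1) echo empty ;;
        2) echo absent ;;
        *) echo unknown ;;
    esac
}

# Print the two-hop command line.
# -t gives the first hop a tty so the inner ssh has a terminal.
# -A forwards the agent so the second hop needs no pass-phrase (assumption:
#    forwarding is off by default); root on the firewall can use the
#    forwarded agent while the session lasts.
two_hop_cmd() {
    valid_host "$1" && valid_host "$2" || return 2
    printf 'ssh -t -A %s exec ssh %s\n' "$1" "$2"
}

work() {
    cmd=$(two_hop_cmd "$FIREWALL" "$TARGET") || { echo "work: bad host name" >&2; return 2; }
    rc=0; ssh-add -l >/dev/null 2>&1 || rc=$?
    state=$(agent_state "$rc")
    if [ "$state" != ready ]; then
        echo "work: ssh-agent is $state; start ssh-agent and run ssh-add first" >&2
        return 1
    fi
    exec $cmd   # safe to split: both host names were validated above
}

# Connect only when the file is run under the name "work".
case "${0##*/}" in work) work ;; esac
```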
