Date:      Fri, 31 Jan 2003 10:51:36 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ssh & ipfw
Message-ID:  <20030131105136.GB68243@happy-idiot-talk.infracaninophi>
In-Reply-To: <nioj3v8mnn1omqrpoi322pf926lodcf2f9@4ax.com>
References:  <nioj3v8mnn1omqrpoi322pf926lodcf2f9@4ax.com>

On Thu, Jan 30, 2003 at 10:06:45PM -0500, Pete C wrote:
> any quick pointers for how to go about setting up ssh through ipfw on a
> gateway/router running nat to one of the internal machines? (FreeBSD
> on both the router and internal machine)

Let me guess.  You've set up natd(8) on your gateway machine to
forward port 22 to your internal machine --- something like:

    natd -redirect_port tcp internalhost:22 22

and when you connect from an external site to port 22 on the gateway,
ssh rejects the connection complaining that some impostor is trying to
pose as your intended target machine?  Supplying this level of detail
will get you much more effective answers than hinting vaguely about
your problems.

Two thoughts:

i) If you want ssh access to your site to be redirected from the
gateway to an internal machine as shown above, then you should realise
that you can't mix that with direct ssh access to the gateway machine.
You need to ensure that the same host key is presented to the client
each time it attempts to connect to the same server name / IP number.

You should set up the host keys in ~/.known_hosts or
/etc/ssh/ssh_known_hosts accordingly.

ii) You might find this rather useful:
http://www.oreilly.com/catalog/sshtdg/chapter/ch11.html

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
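
The host-key conflict from point (i), modelled as an added example that is not part of the original message: a client-side lookup over a constructed known_hosts file. The host names, key blobs and the alternative port 2222 are assumptions made for illustration; `[host]:port` is the form OpenSSH uses for known_hosts entries on non-default ports.

```python
# Added example: models the per-name host-key check an ssh client performs.
# Host names, key blobs and port 2222 are constructed placeholders.
KNOWN_HOSTS = """\
# constructed sample, not real keys
gateway.example.org ssh-ed25519 AAAA-GATEWAY-KEY
[gateway.example.org]:2222 ssh-ed25519 AAAA-INTERNAL-KEY
"""

def parse_known_hosts(text):
    """Map each plain host pattern to its recorded (keytype, blob) pairs.
    Hashed (|1|...) and @marker entries are skipped in this sketch."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for name in fields[0].split(","):
            table.setdefault(name, set()).add((fields[1], fields[2]))
    return table

def lookup_name(host, port=22):
    """Port 22 is stored under the bare name, other ports as [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def check_host_key(table, host, port, keytype, blob):
    """Return 'ok', 'mismatch' (same key type, different key) or 'unknown'."""
    recorded = table.get(lookup_name(host, port), set())
    if (keytype, blob) in recorded:
        return "ok"
    if any(kt == keytype for kt, _ in recorded):
        return "mismatch"
    return "unknown"

def simulate():
    table = parse_known_hosts(KNOWN_HOSTS)
    gw, internal = "AAAA-GATEWAY-KEY", "AAAA-INTERNAL-KEY"
    host, kt = "gateway.example.org", "ssh-ed25519"
    return {
        # sshd on the gateway itself answers port 22
        "direct_gateway_22": check_host_key(table, host, 22, kt, gw),
        # natd redirects port 22 to the internal host: same name, other key
        "redirected_22": check_host_key(table, host, 22, kt, internal),
        # redirect published on its own port (assumed 2222) gets its own entry
        "redirected_2222": check_host_key(table, host, 2222, kt, internal),
        "never_seen": check_host_key(table, "other.example.org", 22, kt, gw),
    }

if __name__ == "__main__":
    for case, verdict in simulate().items():
        print(f"{case}: {verdict}")
```

The "mismatch" verdict corresponds to the client's changed-host-key refusal: one name and port can only ever be bound to one server's key.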
