EFW Support

Support => General Support => Topic started by: broadaxe on Wednesday 16 September 2009, 01:14:21 pm



Title: Any Insight on How To Enable Remote/Internet ssh Access?
Post by: broadaxe on Wednesday 16 September 2009, 01:14:21 pm
Hello,
I have a brand new install of Endian Community release 2.2. I am trying to configure the External ssh access with no success. The manual is very terse on this aspect; it just states to look at System => SSH access and then at Firewall => System access. I have configured both in the same way I have in IPCop in the past, but I do not get access - e.g.:
System => SSH access:
  • Allow TCP forwarding
  • Allow password based authentication
  • Allow public key based authentication

and
Firewall => System access:
<ANY> RED Uplink main    TCP/22    ALLOW    Service (SSH)

I have even played with the possibility of doing port forwarding from the front (RED) to the back (GREEN) interface on port 22, all to no avail. Any ideas? Help would be appreciated.

- Broadaxe.


Title: Re: Any Insight on How To Enable Remote/Internet ssh Access?
Post by: DukeOfAwesome on Wednesday 16 September 2009, 01:27:23 pm
From memory it's port 222...


Title: Re: Any Insight on How To Enable Remote/Internet ssh Access?
Post by: broadaxe on Wednesday 16 September 2009, 02:08:06 pm
Well, the /etc/ssh/sshd_config lists both ports. I am not sure if one is used for the GREEN (port 22 definitely) and the other for the RED. I might try that, but I am not sure if it would work for me; I need external access to port 22.
Here is a snippet from the actual Endian Manual (from clicking on the help button at the top right corner of the web interface):

"Assume you have a service such as telnet (or any other service that can be tunneled through SSH) on a computer inside your GREEN zone, say port 23 on host 10.0.0.20.

This is how you can set up an SSH tunnel through your Endian Firewall to access the service securely from outside your LAN.

1. Enable SSH and make sure it can be accessed (see Firewall, System access).

2. From an external system connect to your Endian Firewall using

    ssh -N -f -L 12345:10.0.0.20:23 root@endian_firewall   

where -N tells SSH not to execute commands, but just to forward traffic, -f runs SSH in the background and -L 12345:10.0.0.20:23 maps the external system's port 12345 to port 23 on 10.0.0.20 as it can be seen from your Endian Firewall.

3. The SSH tunnel from port 12345 of the external system to port 23 on host 10.0.0.20 is now established. In this example you can now telnet to port 12345 on localhost to reach 10.0.0.20."
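
The thread turns on which ports sshd actually listens on ("sshd_config lists both ports") and on the three options ticked under System => SSH access. The script below is an added example, not part of any post or of Endian's own tooling: it reads an sshd_config and reports every global Port line plus the effective value of those three settings. The sample config is constructed, the function names are hypothetical, and the fallback values assume stock OpenSSH defaults (port 22, all three options "yes").

```shell
# Added example: the sample config is constructed, not copied from a real firewall.
SAMPLE_CONFIG='# constructed sample sshd_config
Port 22
Port 222
PasswordAuthentication yes
pubkeyauthentication=yes
AllowTcpForwarding yes
Match User backup
    PasswordAuthentication no'

# Print every global value of KEYWORD (case-insensitive), one per line.
sshd_values() {   # usage: sshd_values KEYWORD < config
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }              # comment line
        /^[ \t]*$/ { next }              # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (match(line, /[ \t=]+/) == 0) next
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit     # settings after Match are conditional
            if (key == want) print val
        }'
}

sshd_ports() {    # every Port line adds a listener; with none, sshd uses 22
    ports=$(sshd_values Port | tr '\n' ' ')
    ports=${ports% }
    echo "${ports:-22}"
}

sshd_setting() {  # usage: sshd_setting KEYWORD DEFAULT < config (first value wins)
    v=$(sshd_values "$1" | head -n 1)
    echo "${v:-$2}"
}

report() {        # usage: report < config
    cfg=$(cat)
    echo "listening ports: $(printf '%s\n' "$cfg" | sshd_ports)"
    for kw in PasswordAuthentication PubkeyAuthentication AllowTcpForwarding; do
        echo "$kw: $(printf '%s\n' "$cfg" | sshd_setting "$kw" yes)"
    done
}

printf '%s\n' "$SAMPLE_CONFIG" | report
```

On a real system, run `report < /etc/ssh/sshd_config` and compare the listed ports with the port opened in the Firewall => System access rule.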