Non-member submission from [Randy Dunlap <randy.dunlap@intel.com>] (fwd)
From: Randy Dunlap <randy.dunlap@intel.com>
To: openssh-unix-dev@mindrot.org
Subject: using proxy & firewall

Hi,

(Please cc me on replies. I'm not subscribed.)

I'm new to using ssh and I'm having some beginner
problems -- I hope.

I'm having some trouble using openssh thru a firewall
to sourceforge.net. I'm using Linux (was RedHat 2.2.x,
but now is 2.3.99). openssh is version 1.2.3.

~rdunlap/.ssh/config contains:
+++++++++++++++++++++++++++++++++
Host *.sourceforge.net
Compression no
ProxyCommand ssh proxy.fm.intel.com
User rdunlap
# end.
+++++++++++++++++++++++++++++++


/etc/ssh/ssh_config contains defaults:
++++++++++++++++++++++++++++++
Host *
ForwardAgent no
ForwardX11 no
FallBackToRsh no
CheckHostIP yes
StrictHostKeyChecking no
++++++++++++++++++++++++++++++++

The networking people told me that I need to get
to proxy.fm.intel.com port 1080. Is that what
ProxyCommand is doing?

Am I using this correctly, incorrectly, anywhere close to
correct? I don't quite understand what parameter(s) (string)
to use on "ProxyCommand".

I run:
ssh -v linux-usb.sourceforge.net

and get this:
[rdunlap@dragon rdunlap]$ ssh -v linux-usb.sourceforge.net
SSH Version OpenSSH-1.2.3, protocol version 1.5.
Compiled with SSL.
debug: Reading configuration data /home/rdunlap/.ssh/config
debug: Applying options for *.sourceforge.net
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Executing proxy command: ssh proxy.fm.intel.com
Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added 'proxy.fm.intel.com,132.233.247.4' to the
list of known hosts.
rdunlap@proxy.fm.intel.com's password:

Do I need a userid/password on the proxy (server) system?
It asks me for the password for user rdunlap.
After 3 bad passwords, it exits (which is OK).

The next time that I run the same command, I get this:

[rdunlap@dragon rdunlap]$ ssh -v linux-usb.sourceforge.net
SSH Version OpenSSH-1.2.3, protocol version 1.5.
Compiled with SSL.
debug: Reading configuration data /home/rdunlap/.ssh/config
debug: Applying options for *.sourceforge.net
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Executing proxy command: ssh proxy.fm.intel.com
Pseudo-terminal will not be allocated because stdin is not a terminal.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.
Add correct host key in /home/rdunlap/.ssh/known_hosts to get rid of
this message.
Password authentication is disabled to avoid trojan horses.
Permission denied.
ssh_exchange_identification: Connection closed by remote host
debug: Calling cleanup 0x805545c(0x0)
[rdunlap@dragon rdunlap]$

Do I have to wait N minutes before I try to login to the
proxy server again? (I know, this isn't an ssh problem.)

I'd sure appreciate some help or guidance or a howto get
started.


Thanks,
~Randy
--
___________________________________________________
|Randy Dunlap Intel Corp., DAL Sr. SW Engr.|
|randy.dunlap.at.intel.com 503-696-2055|
|NOTE: Any views presented here are mine alone |
|and may not represent the views of my employer. |
|_________________________________________________|
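
Added example (not part of the original message or of OpenSSH): a small linter, run over the two config files quoted in the post, that flags the settings behind the debug output shown there. ssh uses the ProxyCommand's stdin/stdout as its transport to the target, so a command without the %h/%p tokens usually is not relaying to the requested host, and StrictHostKeyChecking no is what produced the "Permanently added" line without a prompt. The function names and finding labels are hypothetical, and the %h/%p test is a heuristic.

```python
import re

# Config text copied from the post: the user file, then the system defaults.
USER_CONFIG = """\
Host *.sourceforge.net
Compression no
ProxyCommand ssh proxy.fm.intel.com
User rdunlap
"""
SYSTEM_CONFIG = """\
Host *
ForwardAgent no
ForwardX11 no
FallBackToRsh no
CheckHostIP yes
StrictHostKeyChecking no
"""

def parse_config(text):
    """Return a list of (host_pattern, {lowercased_keyword: value}) blocks."""
    blocks = [("*", {})]  # options before any Host line apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            blocks.append((value, {}))
        else:
            blocks[-1][1].setdefault(key, value)  # keep the first value seen
    return blocks

def lint(text):
    """Return sorted (host_pattern, finding) pairs for the two risky settings."""
    findings = []
    for host, opts in parse_config(text):
        cmd = opts.get("proxycommand", "")
        # Heuristic (assumption): a proxy command that names neither %h nor %p
        # is probably not connecting to the host given on the command line.
        if cmd and cmd.lower() != "none" and not ("%h" in cmd and "%p" in cmd):
            findings.append((host, "proxycommand-without-%h-%p"))
        if opts.get("stricthostkeychecking", "").lower() == "no":
            findings.append((host, "new-host-keys-accepted-unprompted"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(USER_CONFIG) + lint(SYSTEM_CONFIG):
        print(finding)
```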