Open SSH


Posted on Tue Mar 08, 2011 11:57 am

Does anyone here know if the "lite" Windows version of Open SSH (not the full Cygwin install) can be configured to listen on a port other than 22 (preferably 443), or will I need to run the full Cygwin install and hand-cruft conf files? Seems my cat & mouse game with the net nanny has been stepped up a notch.
There are people that embrace the Oxford comma and people who don't. Never get between these people when drink has been taken. I use the Oxford comma and always will. The rest can sod off.
Captain Ned
Global Moderator
Gold subscriber
 
 
Posts: 19773
Joined: Wed Jan 16, 2002 6:00 pm
Location: Vermont, USA

Re: Open SSH

Posted on Tue Mar 08, 2011 12:10 pm

I can't think of any good reason for them to restrict the listen port option. You may still need to hand-cruft the config file to do it though.
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 36922
Joined: Tue Aug 20, 2002 9:51 pm
Location: Somewhere, having a beer

Re: Open SSH

Posted on Tue Mar 08, 2011 12:18 pm

just brew it! wrote:I can't think of any good reason for them to restrict the listen port option. You may still need to hand-cruft the config file to do it though.

Because PuTTY is sending on port 22 to the SSH daemon running on the home box and it's being blocked. Launching PuTTY on port 22 leads to an instant crash back to the desktop with a "connection refused" error message. Launching PuTTY on port 443 doesn't crash but also doesn't connect because the home box isn't listening on 443, so I need to get the daemon on the home box listening on 443.
Captain Ned

Re: Open SSH

Posted on Tue Mar 08, 2011 12:37 pm

Captain Ned wrote:
just brew it! wrote:I can't think of any good reason for them to restrict the listen port option. You may still need to hand-cruft the config file to do it though.

Because PuTTY is sending on port 22 to the SSH daemon running on the home box and it's being blocked. Launching PuTTY on port 22 leads to an instant crash back to the desktop with a "connection refused" error message. Launching PuTTY on port 443 doesn't crash but also doesn't connect because the home box isn't listening on 443, so I need to get the daemon on the home box listening on 443.

I wasn't asking why you were doing it (I figured that out already). I was noting that there's no reason for the stripped-down OpenSSH server to remove the listen port option, since (AFAIK) it is based on the same code base as the regular OpenSSH and they would have had to do extra work to disable it.

If you have a router/firewall on your home broadband connection, you could also set up the port forward on your firewall to remap port 443 to port 22 (instead of just opening the port straight through). That way you wouldn't need to change the OpenSSH config at all.

Note that the trick of running SSH on the "wrong" port may not work, depending on how smart the net nanny box is. I've seen cases where the connection comes up, but then gets cut after a few seconds when the nanny box figures out that the traffic doesn't look like the protocol it is expecting on that port.

Edit: Sorry if my initial reply was a little terse/obtuse. I've only had something like 3 hours of sleep in the past 2 days.
just brew it!
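
An added example, not from the thread: the protocol-aware check described in the post above, comparing the first bytes a client sends with the protocol expected on the destination port. The port table, function names and sample payloads are constructed for illustration.

```python
import struct

# Assumed policy table: the protocol a filter expects on each destination port.
EXPECTED = {22: "ssh", 80: "http", 443: "tls"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def identify(payload: bytes) -> str:
    """Guess the application protocol from the first bytes a client sends."""
    # RFC 4253 section 4.2: each side opens with a cleartext "SSH-<proto>-<software>" line.
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 0x03, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if len(payload) >= 6:
        ctype, major, _minor, length = struct.unpack("!BBBH", payload[:5])
        if ctype == 0x16 and major == 0x03 and 0 < length <= 16384 and payload[5] == 0x01:
            return "tls"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def check_flow(dport: int, payload: bytes) -> dict:
    """Compare the observed protocol with the one expected on the destination port."""
    seen = identify(payload)
    expected = EXPECTED.get(dport)
    mismatch = expected is not None and seen != expected
    return {"dport": dport, "expected": expected, "seen": seen, "mismatch": mismatch}


# Constructed first-packet payloads (not captured traffic).
SAMPLES = [
    (443, b"SSH-2.0-ExampleClient_1.0\r\n"),                        # SSH banner on 443
    (443, bytes.fromhex("160301002f0100002b0303") + b"\x00" * 41),  # TLS ClientHello prefix
    (22, b"SSH-2.0-ExampleClient_1.0\r\n"),
    (80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for dport, payload in SAMPLES:
        print(check_flow(dport, payload))
```

Because it inspects only the first client bytes, a filter would pair this with proxy logs of CONNECT requests to cover SSH carried through an HTTP proxy, as with the Corkscrew tool named later in the thread.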

Re: Open SSH

Posted on Tue Mar 08, 2011 12:46 pm

just brew it! wrote:Note that the trick of running SSH on the "wrong" port may not work, depending on how smart the net nanny box is. I've seen cases where the connection comes up, but then gets cut after a few seconds when the nanny box figures out that the traffic doesn't look like the protocol it is expecting on that port.

This one is smarter than most, I fear. I can't even get to gotomypc.com using Open DNS or the direct IP address. Heck, I had to use whois on my phone to get the IP address as the results page of my usual whois provider, hexillion.com, was blocked because of the URL/IP.

So far, though, gotomypc and PuTTY on port 22 are the only things it's blocked.
Captain Ned

Re: Open SSH

Posted on Tue Mar 08, 2011 1:51 pm

Don't know if this is what you are looking for:

The OpenSSH client uses low numbered ports for rhosts and rhosts-rsa authentication because the server needs to trust the username provided by the client. To get around this, you can add the below example to your ssh_config or ~/.ssh/config file.

UsePrivilegedPort no

Or you can specify this option on the command line, using the -o option to ssh(1) command.

$ ssh -o "UsePrivilegedPort no" host.com


Think this might be for the full cygwin install on Windows. I've never run the "lite" version. In college they taught us to program from command line in Linux and cygwin was the only way you could do it on a Windows box.
i7 860 - GA-P55-USB3 - 8GiB - HD7850 - SSD - 3.64TB HDD - Xonar D1 - U2410 - Win7 Pro x64.
DancinJack
Gerbil Jedi
 
Posts: 1970
Joined: Sat Nov 25, 2006 2:21 pm
Location: Cambridge,MA

Re: Open SSH

Posted on Tue Mar 08, 2011 2:01 pm

DancinJack wrote:Don't know if this is what you are looking for:

The OpenSSH client uses low numbered ports for rhosts and rhosts-rsa authentication because the server needs to trust the username provided by the client. To get around this, you can add the below example to your ssh_config or ~/.ssh/config file.

UsePrivilegedPort no

Or you can specify this option on the command line, using the -o option to ssh(1) command.

$ ssh -o "UsePrivilegedPort no" host.com


Think this might be for the full cygwin install on Windows. I've never run the "lite" version. In college they taught us to program from command line in Linux and cygwin was the only way you could do it on a Windows box.

I don't think that's the issue; UsePrivilegedPort is supposed to default to no.

Furthermore, it appears to me that he is trying to change the port that the server listens on, not the port the client uses for its end of the outgoing connection. So that would be the "Port" option in the sshd_config file on the server end.
just brew it!

Re: Open SSH

Posted on Tue Mar 08, 2011 2:07 pm

Whoops. I need to know more about this lite version (and SSH in general it appears).
DancinJack

Re: Open SSH

Posted on Tue Mar 08, 2011 2:09 pm

DancinJack wrote:Whoops. I need to know more about this lite version (and SSH in general it appears).

http://sshwindows.sourceforge.net/
Captain Ned

Re: Open SSH

Posted on Tue Mar 08, 2011 2:16 pm

Did you change the port in the sshd_config file?
DancinJack

Re: Open SSH

Posted on Tue Mar 08, 2011 2:25 pm

DancinJack wrote:Did you change the port in the sshd_config file?

If I could remote in I'd already have tested it. I'll give it a whirl tonight.
Captain Ned

Re: Open SSH

Posted on Tue Mar 08, 2011 2:33 pm

Quite obviously, I'm not reading previous posts. Sorry.
DancinJack

Re: Open SSH

Posted on Tue Mar 08, 2011 3:19 pm

Have you checked your home router to see if it can forward SSH traffic to another external port? I have it set up that way on mine, mainly to prevent break-in attempts by bots.
Steel
Global Moderator
Gold subscriber
 
 
Posts: 2321
Joined: Wed Dec 26, 2001 6:00 pm

Re: Open SSH

Posted on Tue Mar 08, 2011 5:15 pm

Steel wrote: Have you checked your home router to see if it can forward SSH traffic to another external port? I have it set up that way on mine, mainly to prevent break-in attempts by bots.

Just changed that with the Tomato firmware on my Linksys WRT-54GL, so the router is now listening on 443 and will pass it to 22 on my home box. We'll see if it worked when I roll into work tomorrow AM.

EDIT: Finally figured out the BSD text file that doesn't play well with Notepad, so port is set & checked. Router port forwarding rule checked using http://www.yougetsignal.com/tools/open-ports/ and confirmed to work. Used Tomato to restrict source IPs to the /16 in which my office IP resides and port is no longer visible using above URL. We'll see tomorrow if this all works. If the router-based method doesn't work, I have confirmed that I can make OpenSSHD listen on 443.
Captain Ned

Re: Open SSH

Posted on Wed Mar 09, 2011 7:07 am

Krep, no go. Damn nanny box is protocol-aware. We'll try a last-ditch attempt tomorrow on port 80.
Captain Ned

Re: Open SSH

Posted on Wed Mar 09, 2011 7:23 am

Captain Ned wrote:Krep, no go. Damn nanny box is protocol-aware. We'll try a last-ditch attempt tomorrow on port 80.


Might also try 81 or whatever port it uses to pass SSL traffic.

--SS
SecretSquirrel
Gerbil Jedi
Gold subscriber
 
 
Posts: 1646
Joined: Tue Jan 01, 2002 6:00 pm
Location: The Colony, TX (Dallas suburb)

Re: Open SSH

Posted on Wed Mar 09, 2011 7:35 am

SecretSquirrel wrote:
Captain Ned wrote:Krep, no go. Damn nanny box is protocol-aware. We'll try a last-ditch attempt tomorrow on port 80.


Might also try 81 or whatever port it uses to pass SSL traffic.

--SS

That was my port 443 test this AM.
Captain Ned

Re: Open SSH

Posted on Wed Mar 09, 2011 12:45 pm

If it won't pass 443 I don't hold out much hope that 80 will work either.
just brew it!

Re: Open SSH

Posted on Wed Mar 09, 2011 9:42 pm

Captain Ned wrote:
SecretSquirrel wrote:
Captain Ned wrote:Krep, no go. Damn nanny box is protocol-aware. We'll try a last-ditch attempt tomorrow on port 80.


Might also try 81 or whatever port it uses to pass SSL traffic.

--SS

That was my port 443 test this AM.


Are you using proper tunneling software, or just trying to SSH through from your work system to your home system? The latter almost certainly won't work as most corp firewalls block all non-HTTP traffic from non-authorized machines. I know ours does. I can't remember the name of the tunnel app I use, but I'll try and dig it up when I get to work tomorrow.

--SS
SecretSquirrel

Re: Open SSH

Posted on Wed Mar 09, 2011 9:58 pm

SecretSquirrel wrote: Are you using proper tunneling software, or just trying to SSH through from your work system to your home system? The latter almost certainly won't work as most corp firewalls block all non-HTTP traffic from non-authorized machines. I know ours does. I can't remember the name of the tunnel app I use, but I'll try and dig it up when I get to work tomorrow.

The app is Corkscrew and it's going to drag me back into CLI and hand-crufted files. Seems like I'm learning CLI *nix whether I like it or not. Good thing I have machine-level admin (sshhhhh!!!!) on my work laptop.
Captain Ned

Re: Open SSH

Posted on Wed Mar 09, 2011 11:29 pm

Corkscrew looks like a nifty little app; I'll have to remember that one.

And CLI *NIX is the One True Path anyhow... :wink:
just brew it!

Re: Open SSH

Posted on Thu Mar 10, 2011 2:37 am

Captain Ned wrote:
DancinJack wrote:Whoops. I need to know more about this lite version (and SSH in general it appears).

http://sshwindows.sourceforge.net/


That version is ancient in terms of how many vulnerabilities must have been patched since then.
mikeymike
Gerbil Elite
 
Posts: 635
Joined: Wed Jan 27, 2010 5:09 am

Re: Open SSH

Posted on Thu Mar 10, 2011 9:46 am

Success!! And on 443. Things work better when the check box activating the port forwarding rule is actually checked. :oops:
Captain Ned

Re: Open SSH

Posted on Thu Mar 10, 2011 11:08 am

Captain Ned wrote:Success!! And on 443. Things work better when the check box activating the port forwarding rule is actually checked. :oops:

D'oh!

Glad to hear you got it working though.
just brew it!

Re: Open SSH

Posted on Thu Mar 10, 2011 11:19 am

just brew it! wrote:D'oh!

I said something slightly less printable.
Captain Ned

