 
Captain Ned
Global Moderator
Topic Author
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Open SSH

Tue Mar 08, 2011 12:57 pm

Does anyone here know if the "lite" Windows version of Open SSH (not the full Cygwin install) can be configured to listen on a port other than 22 (preferably 443), or will I need to run the full Cygwin install and hand-cruft conf files? Seems my cat & mouse game with the net nanny has been stepped up a notch.
What we have today is way too much pluribus and not enough unum.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Open SSH

Tue Mar 08, 2011 1:10 pm

I can't think of any good reason for them to restrict the listen port option. You may still need to hand-cruft the config file to do it though.
Nostalgia isn't what it used to be.
 
Captain Ned
Global Moderator
Topic Author
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Open SSH

Tue Mar 08, 2011 1:18 pm

just brew it! wrote:
I can't think of any good reason for them to restrict the listen port option. You may still need to hand-cruft the config file to do it though.

Because PuTTY is sending on port 22 to the SSH daemon running on the home box and it's being blocked. Launching PuTTY on port 22 leads to an instant crash back to the desktop with a "connection refused" error message. Launching PuTTY on port 443 doesn't crash but also doesn't connect because the home box isn't listening on 443, so I need to get the daemon on the home box listening on 443.
What we have today is way too much pluribus and not enough unum.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Open SSH

Tue Mar 08, 2011 1:37 pm

Captain Ned wrote:
just brew it! wrote:
I can't think of any good reason for them to restrict the listen port option. You may still need to hand-cruft the config file to do it though.

Because PuTTY is sending on port 22 to the SSH daemon running on the home box and it's being blocked. Launching PuTTY on port 22 leads to an instant crash back to the desktop with a "connection refused" error message. Launching PuTTY on port 443 doesn't crash but also doesn't connect because the home box isn't listening on 443, so I need to get the daemon on the home box listening on 443.

I wasn't asking why you were doing it (I figured out already). I was noting that there's no reason for the stripped down OpenSSH server to remove the listen port option, since (AFAIK) it is based on the same code base as the regular OpenSSH and they would have had to do extra work to disable it.

If you have a router/firewall on your home broadband connection, you could also set up the port forward on your firewall to remap port 443 to port 22 (instead of just opening the port straight through). That way you wouldn't need to change the OpenSSH config at all.

Note that the trick of running SSH on the "wrong" port may not work, depending on how smart the net nanny box is. I've seen cases where the connection comes up, but then gets cut after a few seconds when the nanny box figures out that the traffic doesn't look like the protocol it is expecting on that port.

Edit: Sorry if my initial reply was a little terse/obtuse. I've only had something like 3 hours of sleep in the past 2 days.
Nostalgia isn't what it used to be.
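
The protocol-aware filtering described in the post above, seen from the filter's side, as an added example that is not part of the original thread and not any product's actual logic. The port-to-protocol table, the function names and the sample flows are assumptions constructed for illustration.

```python
# Added example: classify the first bytes a client sends on a new TCP flow
# and flag flows whose protocol does not match what the port normally carries.

EXPECTED = {22: "ssh", 80: "http", 443: "tls"}  # assumed policy table
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")


def classify(first_bytes: bytes) -> str:
    """Return 'ssh', 'tls', 'http' or 'unknown' for a client's opening bytes."""
    # RFC 4253 section 4.2: the client opens with its identification
    # string, "SSH-<protoversion>-<softwareversion>", in cleartext.
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x04,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[2] <= 0x04
            and first_bytes[5] == 0x01):
        return "tls"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def mismatches(flows):
    """Return (src, port, seen) for flows not carrying the expected protocol."""
    flagged = []
    for src, port, first_bytes in flows:
        seen = classify(first_bytes)
        if port in EXPECTED and seen != EXPECTED[port]:
            flagged.append((src, port, seen))
    return flagged


# Constructed sample flows (documentation addresses, made-up payloads).
SAMPLE_FLOWS = [
    ("192.0.2.5", 443, b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03" + b"\x00" * 32),
    ("192.0.2.6", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("192.0.2.7", 443, b"SSH-2.0-PuTTY_Release_0.60\r\n"),
]

if __name__ == "__main__":
    for src, port, seen in mismatches(SAMPLE_FLOWS):
        print(f"{src} -> port {port}: saw {seen}, expected {EXPECTED[port]}")
```

Because the SSH identification string is sent before any encryption starts, a single prefix match on the first packet is enough for a filter to spot SSH on a port where it expects TLS.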
 
Captain Ned
Global Moderator
Topic Author
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Open SSH

Tue Mar 08, 2011 1:46 pm

just brew it! wrote:
Note that the trick of running SSH on the "wrong" port may not work, depending on how smart the net nanny box is. I've seen cases where the connection comes up, but then gets cut after a few seconds when the nanny box figures out that the traffic doesn't look like the protocol it is expecting on that port.

This one is smarter than most, I fear. I can't even get to gotomypc.com using Open DNS or the direct IP address. Heck, I had to use whois on my phone to get the IP address as the results page of my usual whois provider, hexillion.com, was blocked because of the URL/IP.

So far, though, gotomypc and PuTTY on port 22 are the only things it's blocked.
What we have today is way too much pluribus and not enough unum.
 
DancinJack
Maximum Gerbil
Posts: 4494
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Open SSH

Tue Mar 08, 2011 2:51 pm

Don't know if this is what you are looking for:

The OpenSSH client uses low numbered ports for rhosts and rhosts-rsa authentication because the server needs to trust the username provided by the client. To get around this, you can add the below example to your ssh_config or ~/.ssh/config file.

UsePrivilegedPort no

Or you can specify this option on the command line, using the -o option to ssh(1) command.

$ ssh -o "UsePrivilegedPort no" host.com


Think this might be for the full cygwin install on Windows. I've never run the "lite" version. In college they taught us to program from command line in Linux and cygwin was the only way you could do it on a Windows box.
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Open SSH

Tue Mar 08, 2011 3:01 pm

DancinJack wrote:
Don't know if this is what you are looking for:

The OpenSSH client uses low numbered ports for rhosts and rhosts-rsa authentication because the server needs to trust the username provided by the client. To get around this, you can add the below example to your ssh_config or ~/.ssh/config file.

UsePrivilegedPort no

Or you can specify this option on the command line, using the -o option to ssh(1) command.

$ ssh -o "UsePrivilegedPort no" host.com


Think this might be for the full cygwin install on Windows. I've never run the "lite" version. In college they taught us to program from command line in Linux and cygwin was the only way you could do it on a Windows box.

I don't think that's the issue; UsePrivilegedPort is supposed to default to no.

Furthermore, it appears to me that he is trying to change the port that the server listens on, not the port the client uses for its end of the outgoing connection. So that would be the "Port" option in the sshd_config file on the server end.
Nostalgia isn't what it used to be.
 
DancinJack
Maximum Gerbil
Posts: 4494
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Open SSH

Tue Mar 08, 2011 3:07 pm

Whoops. I need to know more about this lite version (and SSH in general it appears).
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
Captain Ned
Global Moderator
Topic Author
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Open SSH

Tue Mar 08, 2011 3:09 pm

DancinJack wrote:
Whoops. I need to know more about this lite version (and SSH in general it appears).

http://sshwindows.sourceforge.net/
What we have today is way too much pluribus and not enough unum.
 
DancinJack
Maximum Gerbil
Posts: 4494
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Open SSH

Tue Mar 08, 2011 3:16 pm

Did you change the port in the sshd_config file?
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
Captain Ned
Global Moderator
Topic Author
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Open SSH

Tue Mar 08, 2011 3:25 pm

DancinJack wrote:
Did you change the port in the sshd_config file?

If I could remote in I'd already have tested it. I'll give it a whirl tonight.
What we have today is way too much pluribus and not enough unum.
 
DancinJack
Maximum Gerbil
Posts: 4494
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Open SSH

Tue Mar 08, 2011 3:33 pm

Quite obviously, I'm not reading previous posts. Sorry.
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
Steel
Global Moderator
Posts: 2330
Joined: Wed Dec 26, 2001 7:00 pm

Re: Open SSH

Tue Mar 08, 2011 4:19 pm

Have you checked your home router to see if it can forward SSH traffic to another external port? I have it set up that way on mine, mainly to prevent break in attempts by bots.
 
Captain Ned
Global Moderator
Topic Author
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Open SSH

Tue Mar 08, 2011 6:15 pm

Steel wrote:
Have you checked your home router to see if it can forward SSH traffic to another external port? I have it set up that way on mine, mainly to prevent break in attempts by bots.

Just changed that with the Tomato firmware on my Linksys WRT-54GL, so the router is now listening on 443 and will pass it to 22 on my home box. We'll see if it worked when I roll into work tomorrow AM.

EDIT: Finally figured out the BSD text file that doesn't play well with Notepad, so port is set & checked. Router port forwarding rule checked using http://www.yougetsignal.com/tools/open-ports/ and confirmed to work. Used Tomato to restrict source IPs to the /16 in which my office IP resides and port is no longer visible using above URL. We'll see tomorrow if this all works. If the router-based method doesn't work, I have confirmed that I can make OpenSSHD listen on 443.
What we have today is way too much pluribus and not enough unum.
 
Captain Ned
Global Moderator
Topic Author
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Open SSH

Wed Mar 09, 2011 8:07 am

Krep, no go. Damn nanny box is protocol-aware. We'll try a last-ditch attempt tomorrow on port 80.
What we have today is way too much pluribus and not enough unum.
 
SecretSquirrel
Minister of Gerbil Affairs
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...

Re: Open SSH

Wed Mar 09, 2011 8:23 am

Captain Ned wrote:
Krep, no go. Damn nanny box is protocol-aware. We'll try a last-ditch attempt tomorrow on port 80.


Might also try 81 or whatever port it uses to pass SSL traffic.

--SS
 
Captain Ned
Global Moderator
Topic Author
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Open SSH

Wed Mar 09, 2011 8:35 am

SecretSquirrel wrote:
Captain Ned wrote:
Krep, no go. Damn nanny box is protocol-aware. We'll try a last-ditch attempt tomorrow on port 80.


Might also try 81 or whatever port it uses to pass SSL traffic.

--SS

That was my port 443 test this AM.
What we have today is way too much pluribus and not enough unum.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Open SSH

Wed Mar 09, 2011 1:45 pm

If it won't pass 443 I don't hold out much hope that 80 will work either.
Nostalgia isn't what it used to be.
 
SecretSquirrel
Minister of Gerbil Affairs
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...

Re: Open SSH

Wed Mar 09, 2011 10:42 pm

Captain Ned wrote:
SecretSquirrel wrote:
Captain Ned wrote:
Krep, no go. Damn nanny box is protocol-aware. We'll try a last-ditch attempt tomorrow on port 80.


Might also try 81 or whatever port it uses to pass SSL traffic.

--SS

That was my port 443 test this AM.


Are you using proper tunneling software, or just trying to SSH through from your work system to your home system? The latter almost certainly won't work as most corp firewalls block all non HTTP traffic from non-authorized machines. I know ours does. I can't remember the name of the tunnel app I use, but I'll try and dig it up when I get to work tomorrow.

--SS
 
Captain Ned
Global Moderator
Topic Author
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Open SSH

Wed Mar 09, 2011 10:58 pm

SecretSquirrel wrote:
Are you using proper tunneling software, or just trying to SSH through from your work system to your home system? The latter almost certainly won't work as most corp firewalls block all non HTTP traffic from non-authorized machines. I know ours does. I can't remember the name of the tunnel app I use, but I'll try and dig it up when I get to work tomorrow.

The app is Corkscrew and it's going to drag me back into CLI and hand-crufted files. Seems like I'm learning CLI *nix whether I like it or not. Good thing I have machine-level admin (sshhhhh!!!!) on my work laptop.
What we have today is way too much pluribus and not enough unum.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Open SSH

Thu Mar 10, 2011 12:29 am

Corkscrew looks like a nifty little app; I'll have to remember that one.

And CLI *NIX is the One True Path anyhow... :wink:
Nostalgia isn't what it used to be.
 
mikeymike
Gerbil Elite
Posts: 635
Joined: Wed Jan 27, 2010 6:09 am

Re: Open SSH

Thu Mar 10, 2011 3:37 am

Captain Ned wrote:
DancinJack wrote:
Whoops. I need to know more about this lite version (and SSH in general it appears).

http://sshwindows.sourceforge.net/


That version is ancient in terms of how many vulnerabilities must have been patched since then.
 
Captain Ned
Global Moderator
Topic Author
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Open SSH

Thu Mar 10, 2011 10:46 am

Success!! And on 443. Things work better when the check box activating the port forwarding rule is actually checked. :oops:
What we have today is way too much pluribus and not enough unum.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Open SSH

Thu Mar 10, 2011 12:08 pm

Captain Ned wrote:
Success!! And on 443. Things work better when the check box activating the port forwarding rule is actually checked. :oops:

D'oh!

Glad to hear you got it working though.
Nostalgia isn't what it used to be.
 
Captain Ned
Global Moderator
Topic Author
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Open SSH

Thu Mar 10, 2011 12:19 pm

just brew it! wrote:
D'oh!

I said something slightly less printable.
What we have today is way too much pluribus and not enough unum.
