«

Hi,

Looking for a method or ideas for testing my OpenSSH setup on the WAN
at home.

Local testing works okay on my LAN.

Only have one ADSL line.
No analog phone line.
No mobile data option.
System here is Windows XP Pro SP2.
Got port forwarding set up on my ADSL router with LAN IP and port 22.
Have SSH port 22 enabled on my Win XP firewall.

I have found plenty of web proxy providers but can't find an SSH
proxy. If that is even do-able.

Its a long wait at work after testing to find that the SSH link does
not work before trying something else.
Port 22 seems to be open at work.

Any help would be most appreciated.

Cheers

Gordy

In article <>, Gordy did write:

> I have found plenty of web proxy providers but can't find an SSH
> proxy. If that is even do-able.

One answer: shut down the SSH server on the box, start up a Web server on
port 22, and see if that's accessible through the proxy. That will prove
you've got the incoming firewall and NAT settings correct.

Myself, I've always had access to different clients' machines that I could
use to test simple things like this.

On Wed, 05 Mar 2008 21:02:27 +1300, Lawrence D'Oliveiro
<_zealand> wrote:


>One answer: shut down the SSH server on the box, start up a Web server on
>port 22, and see if that's accessible through the proxy. That will prove
>you've got the incoming firewall and NAT settings correct.
>

Thanks for the tip.

That did the trick... found that I didn't have SSH port 22 open in
the network card I was using in the XP firewall exceptions.

Used ninjaproxy.com and testmyports.com to check ports 21, 22 and 80
until open.

Hope to have a good day at work with a succesful SSH link.

Gordy

Gordy wrote:

> On Wed, 05 Mar 2008 21:02:27 +1300, Lawrence D'Oliveiro
> <_zealand> wrote:
>
>
>>One answer: shut down the SSH server on the box, start up a Web server on
>>port 22, and see if that's accessible through the proxy. That will prove
>>you've got the incoming firewall and NAT settings correct.
>>
>
> Thanks for the tip.
>
> That did the trick... found that I didn't have SSH port 22 open in
> the network card I was using in the XP firewall exceptions.
>
> Used ninjaproxy.com and testmyports.com to check ports 21, 22 and 80
> until open.
>
> Hope to have a good day at work with a succesful SSH link.
>
> Gordy

SSH is a powerful protocol, especially when forwarding ports. If you can ssh
to a computer, then you can expose any ip/port that computer can see (such
as a webserver on an internal LAN) to the connecting computer. Basically
ssh opens up the whole of the server side network to you - all through an
encrypted tunnel.
--
A.

Allistar wrote:
> Gordy wrote:
>
>> On Wed, 05 Mar 2008 21:02:27 +1300, Lawrence D'Oliveiro
>> <_zealand> wrote:
>>
>>
>>> One answer: shut down the SSH server on the box, start up a Web server on
>>> port 22, and see if that's accessible through the proxy. That will prove
>>> you've got the incoming firewall and NAT settings correct.
>>>
>> Thanks for the tip.
>>
>> That did the trick... found that I didn't have SSH port 22 open in
>> the network card I was using in the XP firewall exceptions.
>>
>> Used ninjaproxy.com and testmyports.com to check ports 21, 22 and 80
>> until open.
>>
>> Hope to have a good day at work with a succesful SSH link.
>>
>> Gordy
>
> SSH is a powerful protocol, especially when forwarding ports. If you can ssh
> to a computer, then you can expose any ip/port that computer can see (such
> as a webserver on an internal LAN) to the connecting computer. Basically
> ssh opens up the whole of the server side network to you - all through an
> encrypted tunnel.

You might want to run it on a different port. Set your router to forward
say 3210 (external) (or any port that takes your fancy) to 22 on the
target machine (internal).
An open port 22 is a big target because of the access it can
provide.(Check your firewall log to see how often it gets probed).
Using a key instead of just a password provides better protection, but
if it's only for private use a non-standard port is a good option.

dilberts_left_nut wrote:

> Allistar wrote:
>> Gordy wrote:
>>
>>> On Wed, 05 Mar 2008 21:02:27 +1300, Lawrence D'Oliveiro
>>> <_zealand> wrote:
>>>
>>>
>>>> One answer: shut down the SSH server on the box, start up a Web server
>>>> on port 22, and see if that's accessible through the proxy. That will
>>>> prove you've got the incoming firewall and NAT settings correct.
>>>>
>>> Thanks for the tip.
>>>
>>> That did the trick... found that I didn't have SSH port 22 open in
>>> the network card I was using in the XP firewall exceptions.
>>>
>>> Used ninjaproxy.com and testmyports.com to check ports 21, 22 and 80
>>> until open.
>>>
>>> Hope to have a good day at work with a succesful SSH link.
>>>
>>> Gordy
>>
>> SSH is a powerful protocol, especially when forwarding ports. If you can
>> ssh to a computer, then you can expose any ip/port that computer can see
>> (such as a webserver on an internal LAN) to the connecting computer.
>> Basically ssh opens up the whole of the server side network to you - all
>> through an encrypted tunnel.
>
> You might want to run it on a different port. Set your router to forward
> say 3210 (external) (or any port that takes your fancy) to 22 on the
> target machine (internal).
> An open port 22 is a big target because of the access it can
> provide.(Check your firewall log to see how often it gets probed).
> Using a key instead of just a password provides better protection, but
> if it's only for private use a non-standard port is a good option.

Yes, that's a good idea. Also ensure you only allow connections using
private/public key pairs - this prevents a lot of dictionary type attacks
using common password as guesses. Setting up the keys is trivial.
--
A.