OpenSSH (WinXP) Wan loopback testing?

Discussion in 'NZ Computing' started by Gordy, Mar 5, 2008.

  1. Gordy

    Gordy Guest

    Hi,

    Looking for a method or ideas for testing my OpenSSH setup on the WAN
    at home.

    Local testing works okay on my LAN.

    Only have one ADSL line.
    No analog phone line.
    No mobile data option.
    System here is Windows XP Pro SP2.
    Got port forwarding set up on my ADSL router with LAN IP and port 22.
    Have SSH port 22 enabled on my Win XP firewall.

    I have found plenty of web proxy providers but can't find an SSH
    proxy. If that is even do-able.

    Its a long wait at work after testing to find that the SSH link does
    not work before trying something else.
    Port 22 seems to be open at work.

    Any help would be most appreciated.

    Cheers

    Gordy
    Gordy, Mar 5, 2008
    #1
    1. Advertising

  2. In article <>, Gordy did write:

    > I have found plenty of web proxy providers but can't find an SSH
    > proxy. If that is even do-able.


    One answer: shut down the SSH server on the box, start up a Web server on
    port 22, and see if that's accessible through the proxy. That will prove
    you've got the incoming firewall and NAT settings correct.

    Myself, I've always had access to different clients' machines that I could
    use to test simple things like this.
    Lawrence D'Oliveiro, Mar 5, 2008
    #2
    1. Advertising

  3. Gordy

    Gordy Guest

    On Wed, 05 Mar 2008 21:02:27 +1300, Lawrence D'Oliveiro
    <_zealand> wrote:


    >One answer: shut down the SSH server on the box, start up a Web server on
    >port 22, and see if that's accessible through the proxy. That will prove
    >you've got the incoming firewall and NAT settings correct.
    >


    Thanks for the tip.

    That did the trick... found that I didn't have SSH port 22 open in
    the network card I was using in the XP firewall exceptions.

    Used ninjaproxy.com and testmyports.com to check ports 21, 22 and 80
    until open.

    Hope to have a good day at work with a succesful SSH link.

    Gordy
    Gordy, Mar 5, 2008
    #3
  4. Gordy

    Allistar Guest

    Gordy wrote:

    > On Wed, 05 Mar 2008 21:02:27 +1300, Lawrence D'Oliveiro
    > <_zealand> wrote:
    >
    >
    >>One answer: shut down the SSH server on the box, start up a Web server on
    >>port 22, and see if that's accessible through the proxy. That will prove
    >>you've got the incoming firewall and NAT settings correct.
    >>

    >
    > Thanks for the tip.
    >
    > That did the trick... found that I didn't have SSH port 22 open in
    > the network card I was using in the XP firewall exceptions.
    >
    > Used ninjaproxy.com and testmyports.com to check ports 21, 22 and 80
    > until open.
    >
    > Hope to have a good day at work with a succesful SSH link.
    >
    > Gordy


    SSH is a powerful protocol, especially when forwarding ports. If you can ssh
    to a computer, then you can expose any ip/port that computer can see (such
    as a webserver on an internal LAN) to the connecting computer. Basically
    ssh opens up the whole of the server side network to you - all through an
    encrypted tunnel.
    --
    A.
    Allistar, Mar 5, 2008
    #4
  5. Allistar wrote:
    > Gordy wrote:
    >
    >> On Wed, 05 Mar 2008 21:02:27 +1300, Lawrence D'Oliveiro
    >> <_zealand> wrote:
    >>
    >>
    >>> One answer: shut down the SSH server on the box, start up a Web server on
    >>> port 22, and see if that's accessible through the proxy. That will prove
    >>> you've got the incoming firewall and NAT settings correct.
    >>>

    >> Thanks for the tip.
    >>
    >> That did the trick... found that I didn't have SSH port 22 open in
    >> the network card I was using in the XP firewall exceptions.
    >>
    >> Used ninjaproxy.com and testmyports.com to check ports 21, 22 and 80
    >> until open.
    >>
    >> Hope to have a good day at work with a succesful SSH link.
    >>
    >> Gordy

    >
    > SSH is a powerful protocol, especially when forwarding ports. If you can ssh
    > to a computer, then you can expose any ip/port that computer can see (such
    > as a webserver on an internal LAN) to the connecting computer. Basically
    > ssh opens up the whole of the server side network to you - all through an
    > encrypted tunnel.


    You might want to run it on a different port. Set your router to forward
    say 3210 (external) (or any port that takes your fancy) to 22 on the
    target machine (internal).
    An open port 22 is a big target because of the access it can
    provide.(Check your firewall log to see how often it gets probed).
    Using a key instead of just a password provides better protection, but
    if it's only for private use a non-standard port is a good option.
    dilberts_left_nut, Mar 6, 2008
    #5
  6. Gordy

    Allistar Guest

    dilberts_left_nut wrote:

    > Allistar wrote:
    >> Gordy wrote:
    >>
    >>> On Wed, 05 Mar 2008 21:02:27 +1300, Lawrence D'Oliveiro
    >>> <_zealand> wrote:
    >>>
    >>>
    >>>> One answer: shut down the SSH server on the box, start up a Web server
    >>>> on port 22, and see if that's accessible through the proxy. That will
    >>>> prove you've got the incoming firewall and NAT settings correct.
    >>>>
    >>> Thanks for the tip.
    >>>
    >>> That did the trick... found that I didn't have SSH port 22 open in
    >>> the network card I was using in the XP firewall exceptions.
    >>>
    >>> Used ninjaproxy.com and testmyports.com to check ports 21, 22 and 80
    >>> until open.
    >>>
    >>> Hope to have a good day at work with a succesful SSH link.
    >>>
    >>> Gordy

    >>
    >> SSH is a powerful protocol, especially when forwarding ports. If you can
    >> ssh to a computer, then you can expose any ip/port that computer can see
    >> (such as a webserver on an internal LAN) to the connecting computer.
    >> Basically ssh opens up the whole of the server side network to you - all
    >> through an encrypted tunnel.

    >
    > You might want to run it on a different port. Set your router to forward
    > say 3210 (external) (or any port that takes your fancy) to 22 on the
    > target machine (internal).
    > An open port 22 is a big target because of the access it can
    > provide.(Check your firewall log to see how often it gets probed).
    > Using a key instead of just a password provides better protection, but
    > if it's only for private use a non-standard port is a good option.


    Yes, that's a good idea. Also ensure you only allow connections using
    private/public key pairs - this prevents a lot of dictionary type attacks
    using common password as guesses. Setting up the keys is trivial.
    --
    A.
    Allistar, Mar 6, 2008
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Truth Monopoly

    Setting home directory for OpenSSH logins

    Truth Monopoly, May 24, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    14,206
    brccabral
    Nov 17, 2010
  2. David

    Openssh 4.2 out

    David, Sep 5, 2005, in forum: Computer Security
    Replies:
    1
    Views:
    475
    Imhotep
    Sep 5, 2005
  3. Erik Naslund

    OpenSSH Windows Security

    Erik Naslund, Aug 2, 2006, in forum: Computer Security
    Replies:
    13
    Views:
    11,521
    jmlynn
    Nov 26, 2007
  4. vbMark

    SFTP via SSHWindows/OpenSSH qustion.

    vbMark, Mar 6, 2006, in forum: Computer Support
    Replies:
    1
    Views:
    670
  5. perr

    OpenSSH on Windows Syntax question.

    perr, Jan 18, 2008, in forum: Computer Security
    Replies:
    1
    Views:
    757
    Todd H.
    Jan 18, 2008
Loading...

Share This Page