[ISN] Using an SSH Client through the Corporate Firewall on the telnet port

From: InfoSec News (isnat_private)
Date: Wed May 02 2001 - 11:01:34 PDT

  • Next message: InfoSec News: "[ISN] Staff oblivious to computer security threats"

    http://www.linuxnews.com/stories.php?story=01/05/02/2374775
    
    Posted by Dave Van Abel on Wednesday May 02 2001 @ 10:52AM MDT
    
    
    Most corporations allow users to access the outside world for HTTP,
    FTP & Telnet. However, access via "Secure Shell" is often blocked (as
    was my situation in Corporate America). There is a work-around that is
    pretty easy.
    
    Listed below are the four easy steps taken to get Secure Shell access
    without firewall changes:
    
    OS used = Linux, SuSE7.1 Pro, Linux Kernel 2.4
    
    Server edits required: /etc/services, /etc/inetd.conf &
    /etc/rc.config, all of which are listed below:
    
    Step 1 - Edit /etc/inetd.conf file:
    
    Comment out telnet line.
    Save and exit.
    
    Step 2 - Edit /etc/services file:
    
    Comment out two telnet lines.
    Copy two ssh lines (assumes you have openssh installed).
    Comment out original two ssh lines.
    Change first ssh line to 23/tcp
    Change second ssh line to 23/udp (I don't know if this is necessary or
    not).
    Save and exit.
    
    Step 3 - Edit /etc/rc.config (I used SuSE's Yast to do this work):
    
    This step assumes you have openssh already installed.
    SSHD_OPTS variable set to "-p 23"
    Exit Yast, changes will be saved.
    
    Edits now done.
    
    Re-boot (a windows feature). In my case, it was easy to re-boot the
    server, so I did.
    
    Step 4 - Configure the SSH Client on your Windows Desktop:
    
    Open your favorite SSH Client. If you have the ability to edit the SSH
    Server Port, change it to "23" and save.
    
    Depending on your client, the port may or may not be something you can
    configure.
    
    Now connect via your Secure Shell Client.
    
    Comments -
    
    This is how I solved this problem. I suspect there are many more ways
    to do the same thing, so comments appreciated.
    
    Enjoy!
    
    
    PS: Your telnet access is now disabled on your server, which is what
    you want anyway.
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email LISTSERVat_private with a message body of
    "SIGNOFF ISN".
    



    This archive was generated by hypermail 2b30 : Thu May 03 2001 - 03:44:09 PDT