Solved

How to open port 22 for ssh on PIX501 and Windows Server 2003?

Posted on 2004-12-01
Last Modified: 2008-01-16
I would like to set up a secure shell (SSH) link to a Windows 2003 server through a PIX 501 firewall. How would I do this on the Windows server and the PIX?
Question by:compinfo
 
LVL 11

Assisted Solution

by:billwharton
billwharton earned 1000 total points
ID: 12721801
Are you trying to connect from the Internet to the server on the inside network?

If yes, you would simply modify the already present access list on the outside interface or create a new one:
access-list 100 permit tcp any host <server.ip> eq 22

You would need to run a SSH server on the server as Windows 2003 doesn't have an in-built one. There are freeware SSH servers & clients.
http://sshwindows.sourceforge.net/

 
LVL 36

Accepted Solution

by:grblades
grblades earned 1000 total points
ID: 12724119
Hi compinfo,
Paste the following into your PIX configuration:-

static (inside,outside) tcp interface ssh <IP-ADDRESS-OF-WIN2K-SERVER> ssh netmask 255.255.255.255 0 0
access-list outside_in permit tcp any any eq 22
access-group outside_in in interface outside

If you already have an access-list applied to the outside interface just add the 'access-list' line above to it and the 'static' line.
 

Author Comment

by:compinfo
ID: 12727216
Thanks billwharton and grblades, I will try these suggestions this evening and get back with you.

Author Comment

by:compinfo
ID: 12740747
Hmm...  I'm almost there,  just on the SSH, when I try to connect, after I put in the password, I get this error and the connection closes:

setgid: Invalid argument

*  Also, when I tried to set up a domain group in OpenSSH, it wouldn't let me, only local, so I added my user to the local group.  This server is not part of any Windows domains, just a workgroup with only itself in it.

Any ideas?
 
LVL 11

Expert Comment

by:billwharton
ID: 12740794
compinfo

I am not sure which SSH server or client you are using. I would suggest you post on the Windows forum as the firewalls forum might not have too many people who have worked with those particular applications.

I have set one up long back; Grblades might have more info for you.

To see if the firewall is successfully passing packets to the Windows server, telnet to this from the Internet:
telnet <pix outside ip> 22
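A scripted version of the telnet check suggested above, as an added example that is not part of the original thread: it connects to the PIX outside address on the forwarded port, reads the SSH identification string (RFC 4253), and reports whether the server still offers SSH-1. The function names and verdict strings are illustrative, and the comments on what a timeout or a refusal means are the usual reading, not something the thread states.

```python
import socket
import sys

def classify_banner(raw: bytes):
    """Return (verdict, banner) for the bytes a server sent after connect."""
    # RFC 4253 4.2: the server may send other lines before its
    # "SSH-protoversion-softwareversion" identification string.
    for line in raw.split(b"\n"):
        text = line.rstrip(b"\r").decode("ascii", "replace")
        if text.startswith("SSH-") and text.count("-") >= 2:
            proto = text.split("-", 2)[1]
            if proto == "2.0":
                return "ssh2-only", text
            if proto == "1.99":  # RFC 4253 5.1: server also accepts SSH-1
                return "ssh1-and-ssh2", text
            if proto.startswith("1."):
                return "ssh1-only", text
            return "unknown-version", text
    return "open-but-not-ssh", ""

def probe(host, port=22, timeout=5.0):
    """Connect to host:port and report what the forwarded port answers with."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # No answer at all: packets are dropped on the path (assumption:
        # the usual symptom of a missing static or access-list entry).
        return "timeout", ""
    except ConnectionRefusedError:
        # A reset came back: the port is reachable but nothing accepts on
        # it (assumption: the SSH service is not listening on the server).
        return "refused", ""
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            data = sock.recv(256)
        except OSError:  # includes a read timeout
            return "open-no-banner", ""
    return classify_banner(data)

if __name__ == "__main__":
    # Usage: python check_ssh_forward.py <pix outside ip> [port]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(*probe(host, port))
```

Run it from a host outside the firewall; a verdict of `ssh1-and-ssh2` or `ssh1-only` means the server should be reconfigured to accept protocol 2 only.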
 

Author Comment

by:compinfo
ID: 12746129
I'm using OpenSSH as grblades suggested.  I will have to say that since that was not part of my original question, I will repost and award the points to both answers since you both helped with getting through the PIX!  Thanks, Compinfo
 
LVL 11

Expert Comment

by:billwharton
ID: 12746445
Thx for the points compinfo

btw, I was the one to suggest OpenSSH :)