[Dxspider-support] Connection by SSH

Ichiro Hieda JE1SGH spidersupp at hie.nibh.go.jp
Fri May 5 03:59:49 BST 2000


Hi Dirk and all,

Thank you very much again, Dirk, for the help with SSH as well as
the comment on perl 5.6.

Unfortunately, after hours of struggle with ssh, I can't do hostname-based
login yet (login w/o typing the password manually). I read the related docs and
man pages in the package (2.1.0-noncommercial) and the web site again and
again, and tried and tried with 5 machines (3 x86's & 2 ppc's) without
any success. SSH publickey login works and rlogin works (this doesn't
mean jn1zga & jg1ygh are rloginable) but SSH hostname-based login doesn't! Of
course, I am still missing something important. I gave up on the method and
found a simpler solution. The configuration of firewalls I am struggling
with is like this.

  jn1zga---firewall1----internet----firewall2---jg1ygh

By ssh, jn1zga can directly connect to jg1ygh. The firewall1 is an
ordinary SUN workstation. jg1ygh can log in by normal telnet to firewall1
and then connect to jn1zga by telnet as well.

As firewall1 is an official machine, it appears strange that someone
outside of the organization is connecting 24h a day & 356 days a year to
the machine. I may need to reconfigure the connection in the future.

In article <XFMail.20000502111326.djk at tobit.co.uk>, djk at tobit.co.uk (Dirk
Koopman) wrote:

> If this isn't secure enough then I would be quite interested in the reasons
> why. As this will mean that your node will connect direct to port 1999 and it
> will start straight away in protocol, there is no intermediate step thru a
> shell and no password sent in clear. Also the line in /etc/hosts.allow means
> that it will only allow nibh.go.jp to connect on that port.

I can't understand the real reason either. This is a Japan-wide trend. I
agree the way you suggest is safe enough (or nothing is safe enough HI).
The firewall2 is the firewall for the entire university (a very large
univ). Because the tops of organizations don't understand what the
internet is, they tend to think the more restriction, the safer. It is very
difficult for us to get exceptional permission for port 1999, because the
security policy is university-wide. This trend gives users more harm
than benefit & safety, I believe.

> Sorry, no it hasn't, the From: line doesn't contain the email address in the
> correct format. Just put the actual email address at the end in < and > and
> it should work.

I am still not sure if the sender of this mail is that of my subscribed
address. I forget what address is used to subscribe to this ML. Please let
me know if it isn't.

Another headache is the FBB link of jn1zga & jg1ygh. The xfbb telnet
implementation doesn't seem to work for a hop-step telnet connection.

Best regards,
Ichiro
JE1SGH

-----
Ichiro Hieda
JE1SGH at JE1YCK.14.JNET1.JPN.AS
http://ocean.kz.tsukuba.ac.jp/~je1sgh/






