[KLUG Members] IPCOP

Bruce Smith members@kalamazoolinux.org
21 Mar 2002 09:20:35 -0500


> >1)  You need to turn on SSH in the web configuration interface.
> >2)  SSH runs on a non-standard port on IPCOP (222) 
> >    You must supply the port # as a parameter on each ssh/scp command.
> 
> What is the rationale? 

My _guess_ is for port forwarding purposes.  i.e.  If I want the
firewall to forward port 22 to a computer on my internal LAN, it 
won't conflict with port 22 listening on the firewall.

They also run the web server (for configuration) on a non-standard
port.  For the same reason?

> Are they running sshd as non-root or in a chroot jail?

No, you can slogin to root and get a command prompt (not jailed).

> Or just to try and confuse port scanners?

Maybe, but I doubt it since the port is blocked from the internet 
in the default configuration.

> >3)  You must do each ssh/scp command as user "root", or specify the 
> >    userid "root" as a parameter to each command.
> > Plus, your scp format is wrong.  Lose the user/host on the infile.
> 
> If he has sshd running on his local box and vanallp@paul is his local user 
> and host name it should still work to specify it, yes?  I've used scp to 
> do third party transfers lots of times, but never a third party from my 
> own box.

I haven't tried it either, and it _may_ work.  IMO, using a format 
that is known to work would be better to debug a problem like this.

> Definition -
> 1st party - Localhost--->Remote
> 1st party - Remote--->Localhost
> 3rd party - (Remote--->Remote) scp issued on Localhost

Using "3rd party", is the transfer done directly from remote to remote? 
Or is it sent from source-remote to localhost to destination-remote?

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------