openssh unix dev - Apr 2000 - BNon-member submission from [Randy Dunlap <randy.dunlap@intel.com>] (fwd)

From: Randy Dunlap <randy.dunlap at intel.com>
To: openssh-unix-dev at mindrot.org
Subject: using proxy & firewall

Hi,

(Please cc me on replies.  I'm not subscribed.)

I'm new to using ssh and I'm having some beginner
problems -- I hope.

I've having some trouble using openssh thru a firewall
to sourceforge.net.  I'm using Linux (was RedHat 2.2.x,
but now is 2.3.99).  openssh is version 1.2.3.

~rdunlap/.ssh/config contains:
+++++++++++++++++++++++++++++++++
Host *.sourceforge.net
  Compression no
  ProxyCommand ssh proxy.fm.intel.com
  User rdunlap
# end.
+++++++++++++++++++++++++++++++


/etc/ssh/ssh_config contains defaults:
++++++++++++++++++++++++++++++
Host *
	ForwardAgent no
	ForwardX11 no
	FallBackToRsh no
	CheckHostIP yes
	StrictHostKeyChecking no
++++++++++++++++++++++++++++++++

The networking people told me that I need to get
to proxy.fm.intel.com port 1080.  Is that what
ProxyCommand is doing?

Am I using this correctly, incorrectly, anywhere close to
correct?  I don't quite understand what parameter(s) (string)
to use on "ProxyCommand".

I run:
  ssh -v linux-usb.sourceforge.net

and get this:
[rdunlap at dragon rdunlap]$ ssh -v linux-usb.sourceforge.net
SSH Version OpenSSH-1.2.3, protocol version 1.5.
Compiled with SSL.
debug: Reading configuration data /home/rdunlap/.ssh/config
debug: Applying options for *.sourceforge.net
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Executing proxy command:  ssh proxy.fm.intel.com
Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added 'proxy.fm.intel.com,132.233.247.4' to the
list of known hosts.
rdunlap at proxy.fm.intel.com's password: 

Do I need a userid/password on the proxy (server) system?
It asks me for the password for user rdunlap.
After 3 bad passwords, it exits (which is OK).

The next time that I run the same command, I get this:

[rdunlap at dragon rdunlap]$ ssh -v linux-usb.sourceforge.net
SSH Version OpenSSH-1.2.3, protocol version 1.5.
Compiled with SSL.
debug: Reading configuration data /home/rdunlap/.ssh/config
debug: Applying options for *.sourceforge.net
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Executing proxy command:  ssh proxy.fm.intel.com
Pseudo-terminal will not be allocated because stdin is not a terminal.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.
Add correct host key in /home/rdunlap/.ssh/known_hosts to get rid of
this message.
Password authentication is disabled to avoid trojan horses.
Permission denied.
ssh_exchange_identification: Connection closed by remote host
debug: Calling cleanup 0x805545c(0x0)
[rdunlap at dragon rdunlap]$ 

Do I have to wait N minutes before I try to login to the
proxy server again?  (I know, this isn't an ssh problem.)

I'd sure appreciate some help or guidance or a howto get
started.


Thanks,
~Randy
-- 
___________________________________________________
|Randy Dunlap     Intel Corp., DAL    Sr. SW Engr.|
|randy.dunlap.at.intel.com            503-696-2055|
|NOTE:  Any views presented here are mine alone   |
|and may not represent the views of my employer.  |
|_________________________________________________|