I am trying to copy a file from the firewall machine to a loc network
machine. The loc network machine can connect to the firewall machine
using ssh without any problems, but I can not use "scp". I keep
getting (at the loc machine):

ssh: connect to address 192.168.0.2 port 22: Connection refused
lost connection

I have the following rule in "rules" file:

# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22

Do I need to add anything more into any config files?
Thanks.

BTW, Here is the command I use for scp:
$ scp -r user1@fw:/path-to/a_dir user2@loc:

Suren wrote:
> I am trying to copy a file from the firewall machine to a loc network
> machine. The loc network machine can connect to the firewall machine
> using ssh without any problems, but I can not use "scp". I keep
> getting (at the loc machine):
> ssh: connect to address 192.168.0.2 port 22: Connection refused
> lost connection

Stupid Question: Is 192.168.0.2 the local IP address of your firewall?

>
> I have the following rule in "rules" file:
> # Accept SSH connections from the local network for administration
> #
> ACCEPT loc fw tcp 22
>
> Do I need to add anything more into any config files?

Not in any Shorewall config file, you don't.

>
> BTW, Here is the command I use for scp:
> $ scp -r user1@fw:/path-to/a_dir user2@loc:
>

Is sshd running on 'loc' (whatever system that is....).

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Suren wrote:
>
> BTW, Here is the command I use for scp:
> $ scp -r user1@fw:/path-to/a_dir user2@loc:
>

My experimentation suggests that this command runs ssh on 'fw' and
that 'ssh' process tries to connect to 'loc'. In that case, you
WOULD need to add additional rules (fw->loc).

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

coffee();

> I am trying to copy a file from the firewall machine to a loc network
> machine. The loc network machine can connect to the firewall machine
> using ssh without any problems, but I can not use "scp". I keep
> getting (at the loc machine):
> ssh: connect to address 192.168.0.2 port 22: Connection refused
> lost connection
>
> I have the following rule in "rules" file:
> # Accept SSH connections from the local network for administration
> #
> ACCEPT loc fw tcp 22
>
> Do I need to add anything more into any config files?
> Thanks.
>
> BTW, Here is the command I use for scp:
> $ scp -r user1@fw:/path-to/a_dir user2@loc:

scp does not allow copying between two remote hosts.

% man scp:

DESCRIPTION
    scp copies files between hosts on a network. It uses ssh(1) for data
    transfer, and uses the same authentication and provides the same security
    as ssh(1). Unlike rcp(1), scp will ask for passwords or passphrases if
    they are needed for authentication.

    Any file name may contain a host and user specification to indicate that
    the file is to be copied to/from that host. Copies between two remote
    hosts are permitted.

ssh to one host and scp from/to the other.

karsten
--
Hi, I'm a signature virus. Copy me into your ~/.signature to help me spread!

> coffee();

uh, should have been 'need more coffee'...

> DESCRIPTION
> scp copies files between hosts on a network. It uses ssh(1) for data
> transfer, and uses the same authentication and provides the same security
> as ssh(1). Unlike rcp(1), scp will ask for passwords or passphrases if
> they are needed for authentication.
>
> Any file name may contain a host and user specification to indicate that
> the file is to be copied to/from that host. Copies between two remote
> hosts are permitted.
>
> ssh to one host and scp from/to the other.

Thanks Tom, permitted means allowed -- my fault. :-/

Although, I tried it myself before posting this and got instant
'Permission denied' after entering the first password. It doesn't work
for me and I can remember, I was once told so. Anyway, maybe some options
in the ssh conf files?

Try ssh to one of the hosts, does that work?

brewing coffee...

karsten
--
Hi, I'm a signature virus. Copy me into your ~/.signature to help me spread!

> Stupid Question: Is 192.168.0.2 the local IP address of your
> firewall?

- No, it is the local network machine's address
The fw machine's internal network address is 192.168.0.1

> Is sshd running on 'loc' (whatever system that is....).

- Yes, it is.

> My experimentation suggests that this command runs ssh on 'fw' and
> that 'ssh' process tries to connect to 'loc'. In that case, you
> WOULD need to add additional rules (fw->loc).

How can I add safely so that no one else from the internet can get to
local machine?

Thanks,
Suren

Suren wrote:
>> Stupid Question: Is 192.168.0.2 the local IP address of your
>> firewall?
>
> - No, it is the local network machine's address
> The fw machine's internal network address is 192.168.0.1
>
>> Is sshd running on 'loc' (whatever system that is....).
>
> - Yes, it is.
>
>> My experimentation suggests that this command runs ssh on 'fw' and
>> that 'ssh' process tries to connect to 'loc'. In that case, you
>> WOULD need to add additional rules (fw->loc).
>
> How can I add safely so that no one else from the internet can get to
> local machine?
>

I'm just saying that you need to allow SSH connections from the firewall
to the local network if you want to use the syntax in question. I'm sure
you know how to do that...

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

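Added example (not part of the thread and not Shorewall code): a simplified model of zone-pair rule matching that lists which connections the scp command from the thread needs and which of them the quoted rule leaves unmatched. The "ACCEPT fw loc tcp 22" line, the function names and the assumption that unmatched traffic is not accepted by policy are illustrative.

```python
# Added example: a simplified model of zone-to-zone rule matching.
# It is not Shorewall code and ignores policy files, macros and port lists.

# The rule quoted in the thread (constructed copy of the "rules" excerpt).
THREAD_RULES = """
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22
"""

# Hypothetical addition: let the firewall itself open SSH to the local zone.
FIXED_RULES = THREAD_RULES + "ACCEPT fw loc tcp 22\n"


def parse_rules(text):
    """Return (action, source, dest, proto, port) tuples, skipping comments."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5:
            rules.append(tuple(fields[:5]))
    return rules


def scp_flows(client, source, target, port="22"):
    """Connections implied by 'scp user1@source:dir user2@target:' run on
    client, per the thread: client -> source, then source -> target."""
    return [(client, source, "tcp", port), (source, target, "tcp", port)]


def blocked(rules, flows):
    """Flows with no matching ACCEPT rule (assumes a non-ACCEPT policy)."""
    accepted = {r[1:] for r in rules if r[0] == "ACCEPT"}
    return [f for f in flows if f not in accepted]


if __name__ == "__main__":
    flows = scp_flows(client="loc", source="fw", target="loc")
    print("thread rules :", blocked(parse_rules(THREAD_RULES), flows))
    print("with fw->loc :", blocked(parse_rules(FIXED_RULES), flows))
    # Internet-originated SSH to loc is a different zone pair, still unmatched.
    print("net -> loc   :", blocked(parse_rules(FIXED_RULES),
                                    [("net", "loc", "tcp", "22")]))
```

In this model a rule whose source is fw matches only connections that originate on the firewall itself, so the net-to-loc pair stays unmatched after the addition.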