Re: Publishing a SSH Server

Hi
Your unix box cannot reply to SSH request, try below?
Create a client address set for your unix box (ip address from to are the
same), then create a new site and content rule to allow your unix box
outbound access to all external, like this
Rule = enable
Destinations = all external
schedule = always
action = allowed
applies to = client address set specified below (the unix box ip address)
http content = all content groups

This worked for me on ISA 2000 and 2004, I hope this helps you

Regards

Steve




"Jim Harrison (MSFT)" wrote:

What do your ISA logs show for that traffic?
Have you gathered a network capture to see what is happening "on the wire"?
--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"Wilmar" <Wilmar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:F238B6BA-7E2E-4190-807A-7F1275CC409A@xxxxxxxxxxxxxxxx
Hello Jim

In that case the server is a SecureNET client but still it doesn't work....
I'm really clueless with this thing. What would you do?

Regards

"Jim Harrison (MSFT)" wrote:

The IP settings on that box will use the ISA as the "last hop" to the Internet.
If ISA and the Linux box are in the same subnet, it will use the ISA internal IP as its default gateway.
If not, it will use the default gateway of the nearest router and your routing chain will use the ISA as the "last hop".
--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"Wilmar" <Wilmar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:5F275AFB-49DA-4566-92A5-4ABAE438D95B@xxxxxxxxxxxxxxxx
I'm testing from the external network. From the internal network and from
the ISA Local I can access the SSH server without problem. Just a question:
the SSH server run on a Linux box, do you know how I make sure it's running
as a SecureNET client?

Thanks

"Jim Harrison (MSFT)" wrote:

That's a potentially important point.
Server publishing requires that the published server be configured as a SecureNET client (uses ISA as the "last hop" to the
Internet)
Web publishing does not.

Where are you testing from; internal, ISA-local or external?
--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"Wilmar" <Wilmar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:3181A0DA-5D11-4D28-8502-510F81D0D89D@xxxxxxxxxxxxxxxx
Hello Jim

I also would like to let you know that in the same SSH server I'm trying to
publish, there's also a Web server that works without any problem and which I
was able to publish without any complication.

Thanks

"Jim Harrison (MSFT)" wrote:

Exactly how is your custom protocol defined?
What is the defined relationship between the two networks; NAT or route?

--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"Wilmar" <Wilmar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:AB9855CA-9D3C-44E7-9277-CCDEF8C0F20E@xxxxxxxxxxxxxxxx
Hello everybody.

I'm trying to publish an internal SSH server without much success so far.
What I did was to use the Server Publishing Rule and createa SSH server
protocol listening on inbound connection to port 22 through the external
interface and redirecting the request to the internal IP address of the SSH
server. Everytime I try to connect from an external clients the connection
just gets drop by the Default Rule.

I hope anyone can give me a hint on this.

Thanks a lot.

Wilmar












.

Relevant Pages

  • RE: sloww web browsing
    ... and ISA 2004, the internet access became slower than it used to be. ... Open the ISA Server management console, ... Click Start, point to Programs, point to Microsoft ISA server, and then ... will you be able to access the internet from the internal client ...
    (microsoft.public.windows.server.sbs)
  • Re: Explanation of SSH
    ... I am still unclear on how SSH works exactly. ... Client issues SSH command and names server ... "Shopper" says "server sends back its public host and server keys ... Surely there is only one public key it sends ...
    (comp.security.ssh)
  • RE: OWA page not displayed Outside
    ... Open ISA 2006 management console. ... Expand the server node and highlight 'Monitoring'. ... Click 'Configure Firewall Logging'. ... |> internal client as both the web proxy client and firewall client? ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA firewall block outgoing email.
    ... I cannot send/receive email to the POP3 account unless I turn off the firewall in the CEICW. ... (This server is behind a router so I felt the test was safe enough to turn off the firewall). ... As I said, there is no need to add a hole for port 110, If the ISA client is installed on the workstation, Outlook will deliver the email. ...
    (microsoft.public.windows.server.sbs)
  • Re: ssh security question
    ... In my case - the client is a windows client and the ssh is embedded into the windows nx client. ... Is there any reason I can't run ssh-keygen on the server and copy the private key to the client - and the public key to the "authorised" directory? ... sniffer can catch your passwords, and it would make it trivial to log in ...
    (SSH)