Date: Sat, 26 Oct 2002 19:08:05 -0700
From: Kevin Stevens
To: Bsd Neophyte
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: problems w/ trying to telnet to my cisco router by tunneling through ssh
In-Reply-To: <20021027013752.47090.qmail@web20101.mail.yahoo.com>

On Saturday, Oct 26, 2002, at 18:37 US/Pacific, Bsd Neophyte wrote:

> i was looking at the handbook section on ssh tunneling.  to try it out i
> figured i'd try to connect to my 806.
>
> i entered the following command:
>
> ssh -2 -N -f -L 5023:localhost:23 (router's ip address)
>
> and I received this error message:
>
> ssh: connect to address (router's ip address) port 22: Connection refused
>
> i thought tunneling like this took port 22 out of the equation?

No, you still have to terminate in a specific port.

> i didn't have any ACL's on the router... and i tried adding a simple ACL
> to allow unrestricted inward access to my router from my FreeBSD box.

You have to set up SSH on the router:

    ip ssh time-out 60
    ip ssh authentication-retries 2

and

    line vty 0 4
     exec-timeout 0 0
     password 7 xxxxxxxxxxxxxxxxxx
     length 0
     transport input ssh

I believe you also need to set up a user to authenticate against, rather
than just an access password.  I ssh from my freebsd box to my 806 all
the time: ssh username@host.

KeS

(BTW - an aside to the list: the 806 is the cheapest Cisco router you can
buy that has two Ethernet interfaces - ~$300 new on eBay.  You can run a
full IOS with firewall feature set and VPN capability on it, with a
couple of minor omissions like OSPF/BGP.  A very useful investment if
you're interested in Cisco routing, and works great as an internet
firewall.)
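
An added example, not part of the message above or of any Cisco tooling: a small Python audit of a vty stanza like the one posted, checking that the line accepts SSH only and that logins go through a local user rather than a bare line password. It assumes `show running-config` layout (indented sub-commands), no AAA, and a constructed sample config; the idle-timeout and type 7 checks go beyond what the message discusses.

```python
import re

# Constructed sample in `show running-config` layout, modelled on the vty
# stanza quoted in the message (password value is a placeholder).
SAMPLE_CONFIG = """\
ip ssh time-out 60
ip ssh authentication-retries 2
!
line vty 0 4
 exec-timeout 0 0
 password 7 PLACEHOLDER
 length 0
 transport input ssh
"""

def parse_vty_blocks(config):
    """Map each 'line vty N [M]' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if re.match(r"line vty \d+( \d+)?$", line):
            current = blocks.setdefault(line, [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any other top-level line closes the stanza
    return blocks

def audit_vty(config):
    """Return (stanza, finding) pairs for remote-access weaknesses."""
    findings = []
    # Assumption: no AAA, so SSH logins rely on a local `username` entry.
    has_user = re.search(r"^username \S+", config, re.M) is not None
    for name, cmds in parse_vty_blocks(config).items():
        transport = [c for c in cmds if c.startswith("transport input")]
        if transport != ["transport input ssh"]:
            findings.append((name, "transport-not-ssh-only"))
        if "login local" not in cmds or not has_user:
            findings.append((name, "no-local-user-login"))
        if "exec-timeout 0 0" in cmds:  # 0 0 disables the idle timeout
            findings.append((name, "idle-timeout-disabled"))
        if any(c.startswith("password 7 ") for c in cmds):  # reversible encoding
            findings.append((name, "type7-line-password"))
    return findings

if __name__ == "__main__":
    for stanza, finding in audit_vty(SAMPLE_CONFIG):
        print(f"{stanza}: {finding}")
```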