
[FW1] RE: problem using SSH-- Help please!!!



Sorry, me again, just some follow-up.  I am able to SSH from the firewall
to the host (100.101.70.90) without a problem; there was something I missed
during my installation.  But the problem now is that I fail to SSH from the host
(100.101.70.90) to the firewall, with messages like "Secure connection to FW
refused".  Does this have something to do with the FW's inetd.conf file, as I only
enabled FTP and telnet there?  Any idea?

		-----Original Message-----
		From:	Sim, CT (Chee Tong) 
		Sent:	Monday, September 03, 2001 3:29 PM
		Subject:	problem using SSH-- Help please!!!

		Dear all,

		I have just installed OpenSSH on my Solaris Check Point
		firewall.  The installation was successful.  But when I tried to use
		SSH to connect to another host (100.101.70.90), it gave me a message
		(ld.so.1: ssh: fatal: libz.so: open failed: No such file or directory
		Killed), as below.  May I know what that means?  FYI, I had opened
		the ports TCP-22 and UDP-22 for SSH between the FW and the host
		(100.101.70.90).  Are they the right ports?  Besides, I want to know
		whether I need to amend the inetd.conf file or not, as I only enabled
		FTP and Telnet before I installed SSH.  I thought that after
		installation we should have an entry like
		"ssh stream tcp     nowait  root    /usr/sbin/in.sshd       in.sshd"
		or something like that.  Is that true?  If yes, should we add the
		entry manually, or if not, what should we do in order to get it to
		work?



		bash-2.00# ssh 100.101.70.90
		ld.so.1: ssh: fatal: libz.so: open failed: No such file or directory
		Killed
		bash-2.00# which ssh
		/usr/local/bin/ssh


		bash-2.00# more /etc/inetd.conf
		#
		#ident  "@(#)inetd.conf 1.27    96/09/24 SMI"   /* SVr4.0 1.5   */
		#
		#
		# Configuration file for inetd(1M).  See inetd.conf(4).
		#
		# To re-configure the running inetd process, edit this file, then
		# send the inetd process a SIGHUP.
		#
		# Syntax for socket-based Internet services:
		#  <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>
		#
		# Syntax for TLI-based Internet services:
		#
		#  <service_name> tli <proto> <flags> <user> <server_pathname> <args>
		#
		# Ftp and telnet are standard Internet services.
		#
		ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
		telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
		#
		# Tnamed serves the obsolete IEN-116 name server protocol.
		#
		##name  dgram   udp     wait    root    /usr/sbin/in.tnamed     in.tnamed
		#
		# Shell, login, exec, comsat and talk are BSD protocols.
		#
		# shell stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
		# login stream  tcp     nowait  root    /usr/sbin/in.rlogind    in.rlogind
		# exec  stream  tcp     nowait  root    /usr/sbin/in.rexecd     in.rexecd
		# comsat        dgram   udp     wait    root    /usr/sbin/in.comsat     in.comsat
		# talk  dgram   udp     wait    root    /usr/sbin/in.talkd      in.talkd
		#
		# Must run as root (to read /etc/shadow); "-n" turns off logging in utmp/wtmp.
		#
		# uucp  stream  tcp     nowait  root    /usr/sbin/in.uucpd      in.uucpd
		#
		# Tftp service is provided primarily for booting.  Most sites run this
		# only on machines acting as "boot servers."
		#
		# tftp  dgram   udp     wait    root    /usr/sbin/in.tftpd      in.tftpd -s /tftpboot
		#
		# Finger, systat and netstat give out user information which may be
		# valuable to potential "system crackers."  Many sites choose to disable
		# some or all of these services to improve security.
		#
		# finger        stream  tcp     nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
		# systat        stream  tcp     nowait  root    /usr/bin/ps             ps -ef
		# netstat       stream  tcp     nowait  root    /usr/bin/netstat        netstat -f inet
		#
		# Time service is used for clock synchronization.
		#
		# time  stream  tcp     nowait  root    internal
		# time  dgram   udp     wait    root    internal
		#
		# Echo, discard, daytime, and chargen are used primarily for testing.
		#
		# echo  stream  tcp     nowait  root    internal
		# echo  dgram   udp     wait    root    internal
		# discard       stream  tcp     nowait  root    internal
		# discard       dgram   udp     wait    root    internal
		# daytime       stream  tcp     nowait  root    internal
		# daytime       dgram   udp     wait    root    internal
		# chargen       stream  tcp     nowait  root    internal
		# chargen       dgram   udp     wait    root    internal
		#
		#
		# RPC services syntax:
		#  <rpc_prog>/<vers> <endpoint-type> rpc/<proto> <flags> <user> \
		#  <pathname> <args>
		#
		# <endpoint-type> can be either "tli" or "stream" or "dgram".
		# For "stream" and "dgram" assume that the endpoint is a socket descriptor.
		# <proto> can be either a nettype or a netid or a "*". The value is
		# first treated as a nettype. If it is not a valid nettype then it is
		# treated as a netid. The "*" is a short-hand way of saying all the
		# transports supported by this system, ie. it equates to the "visible"
		# nettype. The syntax for <proto> is:
		#       *|<nettype|netid>|<nettype|netid>{[,<nettype|netid>]}
		# For example:
		# dummy/1       tli     rpc/circuit_v,udp       wait    root    /tmp/test_svc   test_svc
		#
		# Solstice system and network administration class agent server
		# 100232/10     tli     rpc/udp wait root /usr/sbin/sadmind     sadmind
		#
		# Rquotad supports UFS disk quotas for NFS clients
		#
		# rquotad/1     tli     rpc/datagram_v  wait root /usr/lib/nfs/rquotad  rquotad
		#
		# The rusers service gives out user information.  Sites concerned
		# with security may choose to disable it.
		#
		# rusersd/2-3   tli     rpc/datagram_v,circuit_v        wait root /usr/lib/netsvc/rusers/rpc.rusersd      rpc.rusersd
		#
		# The spray server is used primarily for testing.
		#
		## sprayd/1     tli     rpc/datagram_v  wait root /usr/lib/netsvc/spray/rpc.sprayd      rpc.sprayd
		#
		# The rwall server allows others to post messages to users on this machine.
		#
		# walld/1               tli     rpc/datagram_v  wait root /usr/lib/netsvc/rwall/rpc.rwalld        rpc.rwalld
		#
		# Rstatd is used by programs such as perfmeter.
		#
		# rstatd/2-4    tli   rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
		#
		# The rexd server provides only minimal authentication and is often not run
		#
		# rexd/1          tli  rpc/tcp wait root /usr/sbin/rpc.rexd     rpc.rexd
		#
		# rpc.cmsd is a data base daemon which manages calendar data backed
		# by files in /var/spool/calendar
		#
		#
		# Sun ToolTalk Database Server
		#
		#
		# UFS-aware service daemon
		#
		# ufsd/1        tli     rpc/*   wait    root    /usr/lib/fs/ufs/ufsd    ufsd -p
		#
		# Sun KCMS Profile Server
		#
		# 100221/1      tli     rpc/tcp wait root /usr/openwin/bin/kcms_server  kcms_server
		#
		# Sun Font Server
		#
		# fs            stream  tcp     wait nobody /usr/openwin/lib/fs.auto    fs
		#
		# CacheFS Daemon
		#
		# 100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefs/cachefsd cachefsd
		#
		# Kerbd Daemon
		#
		# kerbd/4         tli     rpc/ticlts      wait    root    /usr/sbin/kerbd        kerbd
		#
		# Print Protocol Adaptor - BSD listener
		#
		##printer               stream  tcp     nowait  root    /usr/lib/print/in.lpd   in.lpd
		##dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
		# xaudio   stream tcp   wait root /usr/openwin/bin/Xaserver Xaserver -noauth -inetd
		# 100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
		# 100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd /usr/dt/bin/rpc.ttdbserverd
		bash-2.00#





		bash-2.00# pkgadd SMCossh

		Processing package instance <SMCossh> from </var/spool/pkg>

		openssh
		(sparc) 2.9p2
		The OpenSSH Group
		Using </usr/local> as the package base directory.
		## Processing package information.
		## Processing system information.
		   4 package pathnames are already properly installed.
		## Verifying disk space requirements.
		## Checking for conflicts with packages already installed.
		## Checking for setuid/setgid programs.

		Installing openssh as <SMCossh>

		## Installing part 1 of 1.
		/usr/local/bin/scp
		/usr/local/bin/sftp
		/usr/local/bin/slogin <symbolic link>
		/usr/local/bin/ssh
		/usr/local/bin/ssh-add
		/usr/local/bin/ssh-agent
		/usr/local/bin/ssh-keygen
		/usr/local/bin/ssh-keyscan
		/usr/local/doc/openssh/CREDITS
		/usr/local/doc/openssh/ChangeLog
		/usr/local/doc/openssh/INSTALL
		/usr/local/doc/openssh/LICENCE
		/usr/local/doc/openssh/OVERVIEW
		/usr/local/doc/openssh/README
		/usr/local/doc/openssh/RFC.nroff
		/usr/local/doc/openssh/TODO
		/usr/local/doc/openssh/WARNING.RNG
		/usr/local/etc/primes
		/usr/local/etc/ssh_config
		/usr/local/etc/ssh_prng_cmds
		/usr/local/etc/sshd_config
		/usr/local/libexec/sftp-server
		/usr/local/man/man1/scp.1
		/usr/local/man/man1/sftp.1
		/usr/local/man/man1/slogin.1 <symbolic link>
		/usr/local/man/man1/ssh-add.1
		/usr/local/man/man1/ssh-agent.1
		/usr/local/man/man1/ssh-keygen.1
		/usr/local/man/man1/ssh-keyscan.1
		/usr/local/man/man1/ssh.1
		/usr/local/man/man8/sftp-server.8
		/usr/local/man/man8/sshd.8
		/usr/local/sbin/sshd
		[ verifying class <none> ]

		Installation of <SMCossh> was successful.

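Added example, not part of the original post or of any project's code: a small audit of which inetd.conf entries are actually active, which services among them are cleartext, and whether sshd is started from inetd at all. The function names, the cleartext service list and the abridged sample file are assumptions of this example; sshd usually runs as a standalone daemon on TCP port 22 and only needs an inetd.conf entry when started with "sshd -i".

```shell
#!/bin/sh
# Added example (not from the original post): audit active inetd.conf entries.

# Print each active (uncommented) entry as "service proto server_path".
# Fields follow the syntax given in the file's own header:
#   <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>
inetd_active() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1, $3, $6 }' "$1"
}

# Tag each active service. The cleartext list is this example's assumption:
# services that carry credentials or sessions unencrypted.
inetd_audit() {
    inetd_active "$1" | awk '
        BEGIN { n = split("ftp telnet shell login exec", s, " ")
                for (i = 1; i <= n; i++) clear[s[i]] = 1 }
        $1 == "ssh"   { print "OK", $1; next }
        ($1 in clear) { print "CLEARTEXT", $1; next }
                      { print "REVIEW", $1 }'
}

# Succeed only if sshd is started from inetd (which requires "sshd -i").
# A missing entry is normal when sshd runs as a standalone daemon.
ssh_in_inetd() {
    inetd_active "$1" | awk '$1 == "ssh" { found = 1 } END { exit !found }'
}

# Constructed sample, abridged from the listing in the post.
SAMPLE=${TMPDIR:-/tmp}/inetd.sample.$$
cat > "$SAMPLE" <<'EOF'
# Ftp and telnet are standard Internet services.
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
# shell stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
##name  dgram   udp     wait    root    /usr/sbin/in.tnamed     in.tnamed
# time  stream  tcp     nowait  root    internal
EOF

inetd_audit "$SAMPLE"
if ssh_in_inetd "$SAMPLE"; then
    echo "ssh is started by inetd"
else
    echo "no ssh entry in inetd.conf; sshd must run standalone to accept logins"
fi
```

On a real system, pass /etc/inetd.conf instead of the sample file; an active CLEARTEXT line on a firewall is the finding to act on once SSH logins work.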



 
   All contents © 2004 Network Presence, LLC. All rights reserved.