[FW1] RE: problem using SSH-- Help please!!!
Sorry, me again, just some follow-up. I am able to SSH from the firewall to the host (100.101.70.90) without problem; there was something I missed during my installation. But the problem now is that I fail to SSH from the host (100.101.70.90) to the firewall, with messages like "Secure connection to FW refused". Does it have something to do with the FW's inetd.conf file, as I only enable FTP and telnet there? Any idea?

-----Original Message-----
From: Sim, CT (Chee Tong)
Sent: Monday, September 03, 2001 3:29 PM
Subject: problem using SSH-- Help please!!!

Dear all,

I have just installed OpenSSH on my Solaris Check Point firewall. The installation was successful. But when I tried to use SSH to connect to another host (100.101.70.90), it gave me the message (ld.so.1: ssh: fatal: libz.so: open failed: No such file or directory Killed) shown below. May I know what that means?

FYI, I have opened the ports TCP-22 and UDP22 for SSH between the FW and the host (100.101.70.90). Are they the right ports?

Besides, I want to know whether I need to amend the inetd.conf file or not, as I only enabled FTP and Telnet before I installed SSH. I thought that after installation we should have an entry like "ssh stream tcp nowait root /usr/sbin/in.sshd in.sshd" or something like that. Is that true? If yes, should we add the entry manually, or if not, what should we do in order to get it to work?

    bash-2.00# ssh 100.101.70.90
    ld.so.1: ssh: fatal: libz.so: open failed: No such file or directory
    Killed
    bash-2.00# which ssh
    /usr/local/bin/ssh
    bash-2.00# more /etc/inetd.conf
    #
    #ident "@(#)inetd.conf 1.27 96/09/24 SMI" /* SVr4.0 1.5 */
    #
    #
    # Configuration file for inetd(1M). See inetd.conf(4).
    #
    # To re-configure the running inetd process, edit this file, then
    # send the inetd process a SIGHUP.
    #
    # Syntax for socket-based Internet services:
    # <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>
    #
    # Syntax for TLI-based Internet services:
    #
    # <service_name> tli <proto> <flags> <user> <server_pathname> <args>
    #
    # Ftp and telnet are standard Internet services.
    #
    ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
    telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
    #
    # Tnamed serves the obsolete IEN-116 name server protocol.
    #
    ##name dgram udp wait root /usr/sbin/in.tnamed in.tnamed
    #
    # Shell, login, exec, comsat and talk are BSD protocols.
    #
    # shell stream tcp nowait root /usr/sbin/in.rshd in.rshd
    # login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind
    # exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd
    # comsat dgram udp wait root /usr/sbin/in.comsat in.comsat
    # talk dgram udp wait root /usr/sbin/in.talkd in.talkd
    #
    # Must run as root (to read /etc/shadow); "-n" turns off logging in utmp/wtmp.
    #
    # uucp stream tcp nowait root /usr/sbin/in.uucpd in.uucpd
    #
    # Tftp service is provided primarily for booting. Most sites run this
    # only on machines acting as "boot servers."
    #
    # tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
    #
    # Finger, systat and netstat give out user information which may be
    # valuable to potential "system crackers." Many sites choose to disable
    # some or all of these services to improve security.
    #
    # finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
    # systat stream tcp nowait root /usr/bin/ps ps -ef
    # netstat stream tcp nowait root /usr/bin/netstat netstat -f inet
    #
    # Time service is used for clock synchronization.
    #
    # time stream tcp nowait root internal
    # time dgram udp wait root internal
    #
    # Echo, discard, daytime, and chargen are used primarily for testing.
    #
    # echo stream tcp nowait root internal
    # echo dgram udp wait root internal
    # discard stream tcp nowait root internal
    # discard dgram udp wait root internal
    # daytime stream tcp nowait root internal
    # daytime dgram udp wait root internal
    # chargen stream tcp nowait root internal
    # chargen dgram udp wait root internal
    #
    #
    # RPC services syntax:
    # <rpc_prog>/<vers> <endpoint-type> rpc/<proto> <flags> <user> \
    # <pathname> <args>
    #
    # <endpoint-type> can be either "tli" or "stream" or "dgram".
    # For "stream" and "dgram" assume that the endpoint is a socket descriptor.
    # <proto> can be either a nettype or a netid or a "*". The value is
    # first treated as a nettype. If it is not a valid nettype then it is
    # treated as a netid. The "*" is a short-hand way of saying all the
    # transports supported by this system, ie. it equates to the "visible"
    # nettype. The syntax for <proto> is:
    # *|<nettype|netid>|<nettype|netid>{[,<nettype|netid>]}
    # For example:
    # dummy/1 tli rpc/circuit_v,udp wait root /tmp/test_svc test_svc
    #
    # Solstice system and network administration class agent server
    # 100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
    #
    # Rquotad supports UFS disk quotas for NFS clients
    #
    # rquotad/1 tli rpc/datagram_v wait root /usr/lib/nfs/rquotad rquotad
    #
    # The rusers service gives out user information. Sites concerned
    # with security may choose to disable it.
    #
    # rusersd/2-3 tli rpc/datagram_v,circuit_v wait root /usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd
    #
    # The spray server is used primarily for testing.
    #
    ## sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.sprayd rpc.sprayd
    #
    # The rwall server allows others to post messages to users on this machine.
    #
    # walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
    #
    # Rstatd is used by programs such as perfmeter.
    #
    # rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
    #
    # The rexd server provides only minimal authentication and is often not run
    #
    # rexd/1 tli rpc/tcp wait root /usr/sbin/rpc.rexd rpc.rexd
    #
    # rpc.cmsd is a data base daemon which manages calendar data backed
    # by files in /var/spool/calendar
    #
    #
    # Sun ToolTalk Database Server
    #
    #
    # UFS-aware service daemon
    #
    # ufsd/1 tli rpc/* wait root /usr/lib/fs/ufs/ufsd ufsd -p
    #
    # Sun KCMS Profile Server
    #
    # 100221/1 tli rpc/tcp wait root /usr/openwin/bin/kcms_server kcms_server
    #
    # Sun Font Server
    #
    # fs stream tcp wait nobody /usr/openwin/lib/fs.auto fs
    #
    # CacheFS Daemon
    #
    # 100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefs/cachefsd cachefsd
    #
    # Kerbd Daemon
    #
    # kerbd/4 tli rpc/ticlts wait root /usr/sbin/kerbd kerbd
    #
    # Print Protocol Adaptor - BSD listener
    #
    ##printer stream tcp nowait root /usr/lib/print/in.lpd in.lpd
    ##dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
    # xaudio stream tcp wait root /usr/openwin/bin/Xaserver Xaserver -noauth -inetd
    # 100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
    # 100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd /usr/dt/bin/rpc.ttdbserverd
    bash-2.00#
    bash-2.00# pkgadd SMCossh

    Processing package instance <SMCossh> from </var/spool/pkg>

    openssh
    (sparc) 2.9p2
    The OpenSSH Group
    Using </usr/local> as the package base directory.
    ## Processing package information.
    ## Processing system information.
       4 package pathnames are already properly installed.
    ## Verifying disk space requirements.
    ## Checking for conflicts with packages already installed.
    ## Checking for setuid/setgid programs.

    Installing openssh as <SMCossh>

    ## Installing part 1 of 1.
    /usr/local/bin/scp
    /usr/local/bin/sftp
    /usr/local/bin/slogin <symbolic link>
    /usr/local/bin/ssh
    /usr/local/bin/ssh-add
    /usr/local/bin/ssh-agent
    /usr/local/bin/ssh-keygen
    /usr/local/bin/ssh-keyscan
    /usr/local/doc/openssh/CREDITS
    /usr/local/doc/openssh/ChangeLog
    /usr/local/doc/openssh/INSTALL
    /usr/local/doc/openssh/LICENCE
    /usr/local/doc/openssh/OVERVIEW
    /usr/local/doc/openssh/README
    /usr/local/doc/openssh/RFC.nroff
    /usr/local/doc/openssh/TODO
    /usr/local/doc/openssh/WARNING.RNG
    /usr/local/etc/primes
    /usr/local/etc/ssh_config
    /usr/local/etc/ssh_prng_cmds
    /usr/local/etc/sshd_config
    /usr/local/libexec/sftp-server
    /usr/local/man/man1/scp.1
    /usr/local/man/man1/sftp.1
    /usr/local/man/man1/slogin.1 <symbolic link>
    /usr/local/man/man1/ssh-add.1
    /usr/local/man/man1/ssh-agent.1
    /usr/local/man/man1/ssh-keygen.1
    /usr/local/man/man1/ssh-keyscan.1
    /usr/local/man/man1/ssh.1
    /usr/local/man/man8/sftp-server.8
    /usr/local/man/man8/sshd.8
    /usr/local/sbin/sshd
    [ verifying class <none> ]

    Installation of <SMCossh> was successful.
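Added example, not part of the original post: a POSIX shell and awk audit that applies the field syntax documented in the inetd.conf comments above to list the services inetd actually exposes and to pick out the ones that carry logins in cleartext. The function names are illustrative and the sample file is a constructed excerpt modelled on the listing in the post.

```sh
#!/bin/sh
# Added example (not from the original post). Field order follows the
# syntax comment inside inetd.conf:
#   <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>

# Print "service proto user server" for each active (uncommented) entry.
inetd_enabled() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        NF < 6 { next }                  # too few fields to be a service entry
        { print $1, $3, $5, $6 }
    ' "$1"
}

# Exit 0 when the named service has an active entry.
inetd_has() {
    inetd_enabled "$1" | awk -v svc="$2" '$1 == svc { hit = 1 } END { exit !hit }'
}

# Print active services that carry logins in cleartext.
inetd_cleartext() {
    inetd_enabled "$1" |
        awk '$1 ~ /^(ftp|telnet|shell|login|exec)$/ { print $1 }'
}

# Constructed excerpt modelled on the listing in the post.
make_sample() {
    cat > "$1" <<'EOF'
# Ftp and telnet are standard Internet services.
#
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
##name  dgram   udp     wait    root    /usr/sbin/in.tnamed     in.tnamed
# shell stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
# 100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
EOF
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
make_sample "$sample"

echo "Active inetd services:"
inetd_enabled "$sample"
echo "Cleartext login services still enabled:"
inetd_cleartext "$sample"
if inetd_has "$sample" ssh; then
    echo "inetd has an ssh entry"
else
    echo "inetd has no ssh entry"
fi
```

A missing ssh entry only shows that inetd is not the listener for SSH; sshd is commonly started as a standalone daemon instead.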