ZoneAlarm blocking sshd (and telnet)

 
ZoneAlarm blocking sshd (and telnet) - Mar. 12, '04, 7:10:13 PM   
poitras

 

Posts: 2
Joined: Mar. 10, '04,
Status: offline
Hello,
I've installed sshd as an inetd service, but when ZoneAlarm is running (the free one), I get this:

[/usr/local/etc:14]ssh localhost
ssh: connect to host localhost port 22: Connection refused

I Googled and found a suggestion to set UsePrivilegeSeparation to "no" in the sshd_config file, but that's the default for the Interix install I did...

Has anyone got this combination running? I'm thinking that perhaps I should run sshd as a regular Windows service instead of via inetd. I'll try that and post back if it works.
Post #: 1
RE: ZoneAlarm blocking sshd (and telnet) - Mar. 12, '04, 8:09:34 PM   
markfunk

 

Posts: 673
Joined: Mar. 31, '03,
Status: offline
sshd is not recommended to be run via inetd. If you're confident that it will work for you, then go for it. Otherwise, stick to letting it start up as a standalone daemon started by /etc/init.d.
Trying to run sshd as a Windows service is probably a waste of time.
Some UNIX daemons have to be modified to run as a Windows service. I don't know if sshd qualifies in this regard.

And running as a service doesn't change your problem. You still need to open up the port through your firewall.
If you have 2 ethernet cards, then you could try specifying the IP address of the ethernet that is not being protected by ZoneAlarm.

You could always turn ZoneAlarm off first, make sure sshd is indeed working for you and then turn ZoneAlarm back on and open up the appropriate port.

(in reply to poitras)
Post #: 2
RE: ZoneAlarm blocking sshd (and telnet) - Mar. 12, '04, 8:24:01 PM   
Rodney

 

Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
DON'T try and run it as a Windows service.
It won't further what you are trying to do.

When you installed ssh (I assume from the package) then it has
already set up all of the files for sshd to be started as a
daemon at boot/reboot time. By placing sshd in the /etc/inetd.conf
file you risk running two sshd's at the same time.

You need to adjust the configuration of ZoneAlarm to open
port 22. There is (or is supposed to be) an options window
where you can change the settings for the ports from the
default. From what I've read this should be pretty clear.

(in reply to markfunk)
Post #: 3
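
The risk described above, an sshd line in /etc/inetd.conf starting a second sshd next to the standalone daemon, can be checked mechanically. The script below is an added example, not part of the original thread; the sample file contents and the /usr/local/sbin/sshd and in.telnetd paths are constructed for illustration.

```sh
#!/bin/sh
# Added example: find active inetd.conf entries that would start sshd.

# Constructed sample file contents (not taken from the thread).
sample_inetd_conf() {
cat <<'EOF'
# constructed sample inetd.conf
#ssh stream tcp nowait root /usr/local/sbin/sshd sshd -i
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
ssh stream tcp nowait root /usr/local/sbin/sshd sshd -i
EOF
}

# inetd_ssh_entries FILE: print "LINE: entry" for each uncommented entry
# whose service field is ssh/22 or whose server program or arguments name sshd.
inetd_ssh_entries() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            hit = ($1 == "ssh" || $1 == "22")
            for (i = 6; i <= NF && !hit; i++) {   # fields 6+ = program, argv
                n = split($i, parts, "/")
                if (parts[n] == "sshd") hit = 1
            }
            if (hit) printf "%d: %s\n", NR, $0
        }
    ' "$1"
}

# check_inetd_ssh FILE: return 0 if clean, 1 if an sshd entry is active,
# 2 if the file could not be read.
check_inetd_ssh() {
    entries=$(inetd_ssh_entries "$1") || return 2
    if [ -n "$entries" ]; then
        echo "active sshd entries in $1 (a second sshd may be started):"
        echo "$entries"
        return 1
    fi
    echo "no active sshd entry in $1"
}

# Demo on the constructed sample.
demo=$(mktemp) && sample_inetd_conf > "$demo"
check_inetd_ssh "$demo" || true   # reports the entry on line 4
rm -f "$demo"
```

To check a real system, call check_inetd_ssh /etc/inetd.conf instead of the demo lines.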
RE: ZoneAlarm blocking sshd (and telnet) - Mar. 13, '04, 12:16:33 AM   
poitras

 

Posts: 2
Joined: Mar. 10, '04,
Status: offline
I guess I was thinking that ssh needed to be installed like telnet. I can't remember now when I discovered that ZoneAlarm was the culprit in stopping both from working.

I've backed out my inetd.conf change and sshd is starting correctly. ZoneAlarm Pro (the commercial product) might have settings to handle this better.

The problem seems to be that the free version doesn't recognize that these programs need to be identified as servers. Normally when a new program attempts to become a server, ZoneAlarm will pop up a dialog box to let you add it to the list. In this case, it just silently refuses to let the traffic through. If I set the program control setting to "off" then everything works fine. This isn't really how I'd like to run though, since the value of ZoneAlarm for me (I have a NAT firewall) is catching spyware. I tried manually adding sshd (it complained that it didn't look like a program, probably because it didn't end in '.exe'), but that didn't help. The log shows the incoming request to port 22 being blocked, but I don't see anywhere to open that up (and if I did, I'd only want it opened on the "trusted" and not "internet" zone.)

I probably need to ask this on a ZoneAlarm forum as it seems to be a bug in ZoneAlarm in regards to non-exe programs.

(in reply to Rodney)
Post #: 4