Operating System - HP-UX

SSH and secure web console

Chris Wong
Trusted Contributor

SSH and secure web console

Hi,
I've been working on my HP-SSH tutorial for HP World and gave it to a friend to look over. He said there is one example he would love to see: setting up an SSH tunnel to the "secure" web console (client-internet-firewall-SWC). I spent about 8 hours working on it, but haven't been successful yet. Before I spend more time, I was wondering if anyone has been successful and, if so, could you please share your configuration. Thanks - Chris (P.S. I know you can buy boxes that are more secure than HP's SWC, this is more of just a challenging puzzle now).
Steven E. Protter
Exalted Contributor

Re: SSH and secure web console

When you test and fail, a message should get picked up in /var/adm/syslog/syslog.log

If you are working on a document, please let us know what that is.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Chris Wong
Trusted Contributor

Re: SSH and secure web console

Nope, nothing is showing up in syslog. I run the client using -v and have even run the server with -ddd. Going to the SWC is tricky since it uses multiple services. For example, you might think it should be:

ssh -L8001:webconsole:80 sshdserver

(use the standard for forwarding to a 3rd host)

But maybe it has to be something more like:

ssh -L2000:webconsole:80 -L2001:webconsole:443 -R2002:webconsole:23 sshdserver

- Chris
Jairo Campana
Trusted Contributor
Solution

Re: SSH and secure web console

Great idea, I am going to try it.
legionx
Jairo Campana
Trusted Contributor

Re: SSH and secure web console

My test:
1)
nmap -sS -PT -PI -O -T 3 172.31.195.134
nmap -sS -PT -PI -O -T 3 10.1.1.10
(The 1599 ports scanned but not shown below are in state: closed)
Port State Service
23/tcp open telnet
80/tcp open http
Remote OS guesses: Router/Switch/Printer (LanPlex 2500/Cisco Catalyst 5505/CISCO 6509/Trancell Webramp/Xylan Omni Switch)/Epson Stylus (100BTX-NIC HP Secure Web Console, Sonicwall firewall appliance 3.3.1), VxWorks 5.3.x bases system (usually an ethernet hub or switch) or BayNetworks MicroAnnex XL term server
Nmap run completed -- 1 IP address (1 host up) scanned in 110 seconds

edit /etc/hosts
10.1.1.10 webnms1
good :
ssh -L8001:webnms1:80 nms1
The authenticity of host 'nms1 (172.31.195.133)' can't be established.
RSA1 key fingerprint is 32:49:7c:9c:32:23:a6:55:d0:3b:93:55:af:77:ce:4a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'nms1,172.31.195.133' (RSA1) to the list of known hosts.
root@nms1's password:



legionx
Chris Wong
Trusted Contributor

Re: SSH and secure web console

Does this work for you? It doesn't for me (I can make the forwarded ports, but when I try to use them it doesn't work).

- Chris
Steven Sim Kok Leong
Honored Contributor

Re: SSH and secure web console

Hi,

I would prefer SSL-enabling the web server, if possible, rather than tunneling the HTTP connection over SSH. It is much cleaner that way because there is no need to maintain the tunnel, encryption is end-to-end from web browser to web server, and the web server is still authenticated via its certificate.

I don't understand why they called it secure web console when the web access is not SSL-enabled over HTTPS at all.

My 2.08 cents. Regards.

Steven Sim Kok Leong
David Lodge
Trusted Contributor

Re: SSH and secure web console

The problem with the SWC is that the 'S' is a bit of a lie; it is *slightly* crypted - but not with any real strength.

You connect to the SWC on port 80 - it connects via loopback to port 23; exclusive or'ing with the ASCII code for the letter 'E'...

There is an article on SANS about the SWC which goes into detail on the security.

dave
Steven Sim Kok Leong
Honored Contributor

Re: SSH and secure web console

Hi,

Yep, read about the XOR quite a long while ago. It is not encryption at all. Such encoding (not encryption) schemes should be discouraged along with the likes of the base64 encoding scheme.

My 2.08 cents. Regards.

Steven Sim Kok Leong
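
Added example (not part of any post in this thread, and not HP code): a short Python sketch of why a stream XORed with one fixed byte, the ASCII 'E' named in the posts above, has to be treated as cleartext on the network. It models only that single statement; the sample session text and all function names are constructed for the illustration.

```python
# Added illustration, not code from the thread or from HP.
# Models only what the posts above state: each byte XORed with ASCII 'E'.
# SAMPLE is constructed text, not captured Secure Web Console traffic.

KEY = ord("E")  # 0x45

SAMPLE = (b"login: operator\r\n"
          b"password: not a real secret\r\n"
          b"console> show system status\r\n")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one fixed key byte; the same call encodes and decodes."""
    return bytes(b ^ key for b in data)


def text_score(data: bytes) -> int:
    """Count lowercase letters and spaces, a crude 'looks like text' measure."""
    return sum(1 for b in data if b == 0x20 or 0x61 <= b <= 0x7A)


def recover_key(obfuscated: bytes) -> int:
    """Try all 256 possible keys; keep the one whose output looks most like text."""
    return max(range(256), key=lambda k: text_score(xor_bytes(obfuscated, k)))


def key_from_known_byte(obfuscated: bytes, known_first_byte: int) -> int:
    """One known plaintext byte reveals the key directly, since c ^ p == k."""
    return obfuscated[0] ^ known_first_byte


if __name__ == "__main__":
    wire = xor_bytes(SAMPLE, KEY)
    guessed = recover_key(wire)
    print("on the wire :", wire[:16].hex())
    print("guessed key :", chr(guessed))
    print("recovered   :", xor_bytes(wire, guessed)[:15])
```

The key space is 256 values and the key never changes, so the obfuscation adds no confidentiality; protection has to come from the transport (an SSH tunnel or TLS) or from network isolation of the console.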
Chris Wong
Trusted Contributor

Re: SSH and secure web console

Well, it seems that I can only get past the initial SWC login screen and after that I don't get anything. If anyone does figure out the combination of SSH options to make this work, please let me know.

- Chris