12-21-2004 06:21 AM - edited 02-20-2020 11:49 PM
I am trying to use a program, WinSCP, through a PIX 515. The application uses port 22, which is SSH, so it is kind of FTP over SSH.
The problem I have is how do I enable this: do I use fixup ftp on port 22? Will the firewall see FTP traffic or SSH encrypted traffic? How do I deal with the return traffic, as it's on a different port?
Any help would be appreciated.
Thanks,
Stafford
12-21-2004 07:03 AM
I'm pretty sure SSH works differently to FTP so you don't need to worry about fixups. Although SSH comes with SCP and SFTP, I believe SFTP is just an interface to make SCP look like traditional FTP and nothing else.
So if you need to allow SSH inbound then just open up your outside access-list for tcp 22 to your destination hosts.
HTH
PD
12-21-2004 10:51 AM
It should just work, no fixups necessary. If you want to enable scp for access from the outside, then you would need to open tcp port 22, just like any other port. The PIX, while supporting ssh for management, is scp/ssh/sftp unaware for fixups - not that it has any real need to be, as those should not need more than one port (with the exception of sftp, because a lot of people call things sftp and there is no real standard).