Comments on: Possible SSH Publishing Solution

by: Emil

Sat, 22 Nov 2008 12:40:11 +0000

SFTP uses port 115. Create a non-web publishing rule and create a new protocol SFTP_IN with inbound TCP on port 115. You might hav to go to properties of the rule after you have cliecked finish and go to “to” and change to “this request appears to come from ISA”.

by: Pushpendu

Sat, 27 Sep 2008 03:47:31 +0000

Tried all the alternatives, still cant get SFTP to work behind ISA 2006 on ESX environment.
Can anyone please suggest something?

by: Russ E

Fri, 04 Apr 2008 08:48:25 +0000

I’ve got a similar problem.

ESX environment
ISA 2006 STD on Win2k3E R2
OpenSSH on a Win2k3E R2 server behinds ISA
3 IPS on the box behind ISA. ISA IS the gateway
Port is definitely open at the hardware firewall and allowing ALL protocols in and out (which is why I guess I can see it hitting ISA)
The account I am using to log in to OpenSSH is a local admin

I look and I see that ISA initiates the connection and then I see it close a few mins later. My client, WinSCP, gives me a network timeout error. I look on the OpenSSH server and see that the client reached it but nothing happens.

I’m not sure that its an ISA error but I thought I would throw it out here to see if you have any suggestions. I thought I had everything set up correctly, have looked at this blog as well as this posting:
http://forums.isaserver.org/m_2002037501/mpage_1/k...tm.htm

Maybe I am just slow, or have been looking at it too long, but I am making no headway and am way overdue on a deadline. I really am not that familiar with ISA but have managed to get this far but would love to bring it home. If you dont think its an ISA problem I’d be open to any other suggestions you may have.

Thanks in advance and feel free to contact me publicly or privately…
Russ

by: blautens

Mon, 31 Mar 2008 13:13:53 +0000

on ISA 2006 EE array, I tried creating a new publishing rule, SSH, port 22 inbound, and used Diego’s suggestion of a secondary port range of 50000 to 51000, and it worked flawlessly with WS_FTP Server. Thanks, Diego!

by: Darek

Tue, 02 Oct 2007 12:09:25 +0000

Tried the route solution using ISA 2006 but didn’t work. While monitoring the ssh access ISA jumped to default last rule and did not “see” my publishing rule.
My successfull solution was to remove the route rule I created and to edit the publishing rule “To” tab by seelecting “the request appear to come from the ISA server.

My2Cents

by: ISA Server SSH Ver�ffentlichung - MCSEboard.de MCSE Forum

Mon, 09 Jul 2007 21:28:30 +0000

[…] Da gibt es ein paar L�sungsm�glichkeiten: Thomas Shinder Blog � Blog Archive � Possible SSH Publishing Solution grizzly999 […]

by: Mikael Ulvesjo

Fri, 08 Jun 2007 10:53:59 +0000

I have problems connecting to external ssh services runing on a non default port ( E.g: 2222 ) from a linux client behind an ISA server,
Do anyone have any information or theory why I fail to do this, on the server running the ssh service I can see that the client is able to connect but it fails to authenticate, I’m using certificates to authenticate and that works if I bypass the ISA proxy.

by: networkfreek

Sat, 25 Nov 2006 04:22:54 +0000

Hi Diego Medina
It works. Can you explain, why port 50000 - 51000 have to be open for the SSH server publishing to work? Tx

by: Jim Kobak

Sat, 07 Oct 2006 16:48:47 +0000

I am still using ISA Server 2000. I can’t seem to locate any way to add a routing rule as described above. They’re all related to web requests only. Am I missing something, or do I need ISA 2004 or better?

If so, anyone have an idea to publish SSH with ISA 2000?

Thanks,

Jim

by: Thomas Shinder

Thu, 24 Aug 2006 15:39:20 +0000

Hi guys,

Thanks!
Tom