SSH on Multiple ports Fedora Core 4

Mark msalists at gmx.net
Mon Nov 28 22:13:34 UTC 2005


If you just want your sshd to listen on multiple ports, modify your /etc/ssh/sshd_config and add one port directive for each
additional port.
By default, it has a line 
#Port 22

Activate this line and add more for the other ports:

Port 22
Port 5000
Port 4233
Etc.

For more info, try "man sshd_config"

MARK


> -----Original Message-----
> From: fedora-list-bounces at redhat.com 
> [mailto:fedora-list-bounces at redhat.com] On Behalf Of John Gallagher
> Sent: Monday, November 28, 2005 1:47 PM
> To: fedora-list at redhat.com
> Subject: SSH on Multiple ports Fedora Core 4
> 
> 
> I have created a separate config file for SSH to run and 
> listen on another port (for example: 5000 RSA connections 
> only).  I created another init script called sshd-ext in 
> /etc/init.d (minor modifications, see file below). I created a 
> file to call the new config in /etc/sysconfig/sshd-ext.
> 
> All seems to work fine except I get errors in the security 
> logs, which I have seen in others' posts on the Fedora forum.
> 
> Nov 28 12:26:58 vpn sshd[26691]: error: Bind to port 5000 on 0.0.0.0 failed: Address already in use.
> Nov 28 12:35:42 vpn sshd[26691]: Received signal 15; terminating.
> 
> I edited the conf file and specified the IP Address of the 
> interface to use for this config:
> 
> Port 5000
> #Protocol 2,1
> ListenAddress 10.200.16.10
> #ListenAddress 0.0.0.0
> #ListenAddress ::
> 
> I verified the original sshd_config was only listening on 
> 0.0.0.0 and not ::
> 
> The problem is ssh seems to use the same PID for both 
> processes and always wants to bind on port 22 for some 
> reason.  If I restart one of the processes it can and 
> sometimes does kill the other process.  
> 
> service sshd restart will kill the process started as sshd-ext.
>  
> I also run the same config on FC1 and I do not have these issues.
>  
> See version and init scripts below:
> 
> [root at vpn root]# rpm -qa |grep ssh
> openssh-askpass-3.6.1p2-34
> openssh-3.6.1p2-34
> openssh-clients-3.6.1p2-34
> openssh-askpass-gnome-3.6.1p2-34
> openssh-server-3.6.1p2-34
> [root at vpn root]#
> 
> [root at vpn root]# cat /etc/init.d/sshd-ext
> #!/bin/bash
> #
> # Init file for OpenSSH server daemon
> #
> # chkconfig: 2345 55 25
> # description: OpenSSH server daemon
> #
> # processname: sshd
> # config: /etc/ssh/ssh_host_key
> # config: /etc/ssh/ssh_host_key.pub
> # config: /etc/ssh/ssh_random_seed
> # config: /etc/ssh/sshd_config
> # pidfile: /var/run/sshd-ext.pid
> 
> # source function library
> . /etc/rc.d/init.d/functions
> 
> # pull in sysconfig settings
> [ -f /etc/sysconfig/sshd-ext ] && . /etc/sysconfig/sshd-ext
> 
> RETVAL=0
> prog="sshd"
> 
> # Some functions to make the below more readable
> KEYGEN=/usr/bin/ssh-keygen
> SSHD=/usr/sbin/sshd
> RSA1_KEY=/etc/ssh/ssh_host_key
> RSA_KEY=/etc/ssh/ssh_host_rsa_key
> DSA_KEY=/etc/ssh/ssh_host_dsa_key
> PID_FILE=/var/run/sshd-ext.pid
> 
> do_rsa1_keygen() {
>         if [ ! -s $RSA1_KEY ]; then
>                 echo -n $"Generating SSH1 RSA host key: "
>                 if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
>                         chmod 600 $RSA1_KEY
>                         chmod 644 $RSA1_KEY.pub
>                         success $"RSA1 key generation"
>                         echo
>                 else
>                         failure $"RSA1 key generation"
>                         echo
>                         exit 1
>                 fi
>         fi
> }
> 
> do_rsa_keygen() {
>         if [ ! -s $RSA_KEY ]; then
>                 echo -n $"Generating SSH2 RSA host key: "
>                 if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
>                         chmod 600 $RSA_KEY
>                         chmod 644 $RSA_KEY.pub
>                         success $"RSA key generation"
>                         echo
>                 else
>                         failure $"RSA key generation"
>                         echo
>                         exit 1
>                 fi
>         fi
> }
> 
> do_dsa_keygen() {
>         if [ ! -s $DSA_KEY ]; then
>                 echo -n $"Generating SSH2 DSA host key: "
>                 if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
>                         chmod 600 $DSA_KEY
>                         chmod 644 $DSA_KEY.pub
>                         success $"DSA key generation"
>                         echo
>                 else
>                         failure $"DSA key generation"
>                         echo
>                         exit 1
>                 fi
>         fi
> }
> 
> do_restart_sanity_check()
> {
>         $SSHD -t
>         RETVAL=$?
>         if [ ! "$RETVAL" = 0 ]; then
>                 failure $"Configuration file or keys are invalid"
>                 echo
>         fi
> }
> 
> start()
> {
>         # Create keys if necessary
>         do_rsa1_keygen
>         do_rsa_keygen
>         do_dsa_keygen
> 
>         echo -n $"Starting $prog:"
>         initlog -c "$SSHD $OPTIONS" && success || failure
>         RETVAL=$?
>         [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd-ext
>         echo
> }
> 
> stop()
> {
>         echo -n $"Stopping $prog:"
>         killproc $SSHD -TERM
>         RETVAL=$?
>         [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd-ext
>         echo
> }
> 
> reload()
> {
>         echo -n $"Reloading $prog:"
>         killproc $SSHD -HUP
>         RETVAL=$?
>         echo
> }
> 
> case "$1" in
>         start)
>                 start
>                 ;;
>         stop)
>                 stop
>                 ;;
>         restart)
>                 stop
>                 start
>                 ;;
>         reload)
>                 reload
>                 ;;
>         condrestart)
>                 if [ -f /var/lock/subsys/sshd-ext ] ; then
>                         do_restart_sanity_check
>                         if [ "$RETVAL" = 0 ] ; then
>                                 stop
>                                 # avoid race
>                                 sleep 3
>                                 start
>                         fi
>                 fi
>                 ;;
>         status)
>                 status $SSHD
>                 RETVAL=$?
>                 ;;
>         *)
>                 echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
>                 RETVAL=1
> esac
> exit $RETVAL
> [root at vpn root]#
>  
> 
> 
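An added example, not part of either message above: a shell check that compares two sshd_config files on the two settings that should differ when two sshd instances run side by side, the address:port pairs they bind and the PidFile they write. The file names and sample configs are constructed for illustration (modelled on the directives quoted in the thread), and the check assumes IPv4 addresses without the "host:port" form of ListenAddress.

```shell
#!/bin/sh
# Added example: compare two sshd_config files for clashing binds and PidFile.
# Simplifications: IPv4 only, "ListenAddress host:port" form not handled.

# Print the address:port pairs a config makes sshd bind, one per line.
listen_sockets() {
    awk '
        tolower($1) == "port"          { ports[++np] = $2 }
        tolower($1) == "listenaddress" { addrs[++na] = $2 }
        END {
            if (np == 0) ports[++np] = "22"        # sshd default port
            if (na == 0) addrs[++na] = "0.0.0.0"   # default: every local address
            for (i = 1; i <= na; i++)
                for (j = 1; j <= np; j++) print addrs[i] ":" ports[j]
        }' "$1"
}

# Print the PidFile a config selects (sshd uses the first value it reads).
pid_file() {
    awk 'tolower($1) == "pidfile" && p == "" { p = $2 }
         END { print (p == "" ? "/var/run/sshd.pid" : p) }' "$1"
}

# Print one line per clash between two configs; prints nothing if they can coexist.
conflicts() {
    for a in $(listen_sockets "$1"); do
        for b in $(listen_sockets "$2"); do
            [ "${a##*:}" = "${b##*:}" ] || continue   # different port, no clash
            if [ "${a%:*}" = "${b%:*}" ] || [ "${a%:*}" = 0.0.0.0 ] || [ "${b%:*}" = 0.0.0.0 ]; then
                echo "bind: $a vs $b"
            fi
        done
    done
    [ "$(pid_file "$1")" = "$(pid_file "$2")" ] && echo "pidfile: $(pid_file "$1")"
    return 0
}

# Constructed sample configs (file names are made up for this example).
tmp=$(mktemp -d)
printf '#Port 22\n#ListenAddress 0.0.0.0\n' > "$tmp/main"      # stock defaults
printf 'Port 22\nPort 5000\nPort 4233\n' > "$tmp/multi"        # one daemon, three ports
printf 'Port 5000\n#Protocol 2,1\nListenAddress 10.200.16.10\n#ListenAddress 0.0.0.0\n' > "$tmp/ext"

conflicts "$tmp/main" "$tmp/ext"     # only the shared default PidFile
conflicts "$tmp/multi" "$tmp/ext"    # port 5000 clash plus the PidFile
```

A wildcard listener (0.0.0.0) on a port counts as a clash with any specific address on the same port, which is the condition behind a "Bind to port ... failed: Address already in use" log line.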



