SSH on Multiple ports Fedora Core 4
Mark
msalists at gmx.net
Mon Nov 28 22:13:34 UTC 2005
If you just want your sshd to listen on multiple ports, modify your /etc/ssh/sshd_config and add one port directive for each
additional port.
By default, it has a line
#Port 22
Activate this line and add more for the other ports:
Port 22
Port 5000
Port 4233
Etc.
For more info, try "man sshd_config"
MARK
> -----Original Message-----
> From: fedora-list-bounces at redhat.com
> [mailto:fedora-list-bounces at redhat.com] On Behalf Of John Gallagher
> Sent: Monday, November 28, 2005 1:47 PM
> To: fedora-list at redhat.com
> Subject: SSH on Multiple ports Fedora Core 4
>
>
> I have created a separate config file for SSH to run and
> listen on another port (for example: 5000 RSA connections
> only). I created another init script called sshd-ext in
> /etc/init.d (Minor Modifications see file below). I created
> file to call the new config in /etc/sysconfig/sshd-ext.
>
> All seems to work fine except I get errors in the security
> logs, which I have seen in others' posts on the Fedora forum.
>
> Nov 28 12:26:58 vpn sshd[26691]: error: Bind to port 5000 on 0.0.0.0 failed: Address already in use.
> Nov 28 12:35:42 vpn sshd[26691]: Received signal 15; terminating.
>
> I edited the conf file and specified the IP Address of the
> interface to use for this config:
>
> Port 5000
> #Protocol 2,1
> ListenAddress 10.200.16.10
> #ListenAddress 0.0.0.0
> #ListenAddress ::
>
> I verified the original sshd_config was only listening on
> 0.0.0.0 and not ::
>
> The problem is ssh seems to use the same PID for both
> processes and always wants to bind on port 22 for some
> reason. If I restart one of the processes it can and
> sometimes does kill the other process.
>
> service sshd restart will kill the process started as sshd-ext.
>
> I also run the same config on FC1 and I do not have these issues.
>
> See version and init scripts below:
>
> [root@vpn root]# rpm -qa |grep ssh
> openssh-askpass-3.6.1p2-34
> openssh-3.6.1p2-34
> openssh-clients-3.6.1p2-34
> openssh-askpass-gnome-3.6.1p2-34
> openssh-server-3.6.1p2-34
> [root@vpn root]#
>
> [root@vpn root]# cat /etc/init.d/sshd-ext
> #!/bin/bash
> #
> # Init file for OpenSSH server daemon
> #
> # chkconfig: 2345 55 25
> # description: OpenSSH server daemon
> #
> # processname: sshd
> # config: /etc/ssh/ssh_host_key
> # config: /etc/ssh/ssh_host_key.pub
> # config: /etc/ssh/ssh_random_seed
> # config: /etc/ssh/sshd_config
> # pidfile: /var/run/sshd-ext.pid
>
> # source function library
> . /etc/rc.d/init.d/functions
>
> # pull in sysconfig settings
> [ -f /etc/sysconfig/sshd-ext ] && . /etc/sysconfig/sshd-ext
>
> RETVAL=0
> prog="sshd"
>
> # Some functions to make the below more readable
> KEYGEN=/usr/bin/ssh-keygen
> SSHD=/usr/sbin/sshd
> RSA1_KEY=/etc/ssh/ssh_host_key
> RSA_KEY=/etc/ssh/ssh_host_rsa_key
> DSA_KEY=/etc/ssh/ssh_host_dsa_key
> PID_FILE=/var/run/sshd-ext.pid
>
> do_rsa1_keygen() {
>     if [ ! -s $RSA1_KEY ]; then
>         echo -n $"Generating SSH1 RSA host key: "
>         if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
>             chmod 600 $RSA1_KEY
>             chmod 644 $RSA1_KEY.pub
>             success $"RSA1 key generation"
>             echo
>         else
>             failure $"RSA1 key generation"
>             echo
>             exit 1
>         fi
>     fi
> }
>
> do_rsa_keygen() {
>     if [ ! -s $RSA_KEY ]; then
>         echo -n $"Generating SSH2 RSA host key: "
>         if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
>             chmod 600 $RSA_KEY
>             chmod 644 $RSA_KEY.pub
>             success $"RSA key generation"
>             echo
>         else
>             failure $"RSA key generation"
>             echo
>             exit 1
>         fi
>     fi
> }
>
> do_dsa_keygen() {
>     if [ ! -s $DSA_KEY ]; then
>         echo -n $"Generating SSH2 DSA host key: "
>         if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
>             chmod 600 $DSA_KEY
>             chmod 644 $DSA_KEY.pub
>             success $"DSA key generation"
>             echo
>         else
>             failure $"DSA key generation"
>             echo
>             exit 1
>         fi
>     fi
> }
>
> do_restart_sanity_check()
> {
>     $SSHD -t
>     RETVAL=$?
>     if [ ! "$RETVAL" = 0 ]; then
>         failure $"Configuration file or keys are invalid"
>         echo
>     fi
> }
>
> start()
> {
>     # Create keys if necessary
>     do_rsa1_keygen
>     do_rsa_keygen
>     do_dsa_keygen
>
>     echo -n $"Starting $prog:"
>     initlog -c "$SSHD $OPTIONS" && success || failure
>     RETVAL=$?
>     [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd-ext
>     echo
> }
>
> stop()
> {
>     echo -n $"Stopping $prog:"
>     killproc $SSHD -TERM
>     RETVAL=$?
>     [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd-ext
>     echo
> }
>
> reload()
> {
>     echo -n $"Reloading $prog:"
>     killproc $SSHD -HUP
>     RETVAL=$?
>     echo
> }
>
> case "$1" in
>     start)
>         start
>         ;;
>     stop)
>         stop
>         ;;
>     restart)
>         stop
>         start
>         ;;
>     reload)
>         reload
>         ;;
>     condrestart)
>         if [ -f /var/lock/subsys/sshd-ext ] ; then
>             do_restart_sanity_check
>             if [ "$RETVAL" = 0 ] ; then
>                 stop
>                 # avoid race
>                 sleep 3
>                 start
>             fi
>         fi
>         ;;
>     status)
>         status $SSHD
>         RETVAL=$?
>         ;;
>     *)
>         echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
>         RETVAL=1
> esac
> exit $RETVAL
> [root@vpn root]#
>
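
Added example, not part of either post: a small shell check of which sockets a given sshd_config asks for, and which of them would collide if a second sshd were started from another config file (the "Address already in use" case). The function names `listen_endpoints` and `bind_conflicts` and the sample files are constructed for illustration; it assumes IPv4 addresses, no Match or Include blocks, and Port lines placed before ListenAddress lines.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed for illustration.

# Print "address:port" for every listen socket requested by sshd_config file $1.
# Assumes IPv4 only, no Match/Include, and Port lines placed before ListenAddress.
listen_endpoints() {
    awk '
        /^[ \t]*(#|$)/ { next }                       # comments and blank lines
        { key = tolower($1) }                         # keywords are case-insensitive
        key == "port"          { ports[++np] = $2 }
        key == "listenaddress" { addrs[++na] = $2 }
        END {
            if (np == 0) ports[++np] = "22"           # built-in default port
            if (na == 0) addrs[++na] = "0.0.0.0"      # default: every local address
            for (a = 1; a <= na; a++) {
                if (addrs[a] ~ /:[0-9]+$/) { print addrs[a]; continue }  # host:port
                for (p = 1; p <= np; p++) print addrs[a] ":" ports[p]
            }
        }' "$1" | sort -u
}

# Print each socket of config $2 that cannot bind on Linux while a daemon using
# config $1 is listening: same port, and equal addresses or a 0.0.0.0 wildcard.
bind_conflicts() {
    for a in $(listen_endpoints "$1"); do
        for b in $(listen_endpoints "$2"); do
            [ "${a##*:}" = "${b##*:}" ] || continue
            if [ "${a%:*}" = "${b%:*}" ] || [ "${a%:*}" = 0.0.0.0 ] ||
               [ "${b%:*}" = 0.0.0.0 ]; then
                echo "$b clashes with $a"
            fi
        done
    done
}

# Constructed samples: one daemon on three ports, plus a second port-5000 config.
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 22' 'Port 5000' 'Port 4233' > "$tmp/sshd_config"
printf '%s\n' 'Port 5000' '#Protocol 2,1' 'ListenAddress 10.200.16.10' \
    '#ListenAddress 0.0.0.0' '#ListenAddress ::' > "$tmp/sshd_config-ext"

listen_endpoints "$tmp/sshd_config"
bind_conflicts "$tmp/sshd_config" "$tmp/sshd_config-ext"
```
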