SSH on Multiple ports Fedora Core 4

John Gallagher john.gallagher at ciosystems.com
Mon Nov 28 22:20:48 UTC 2005


I want it to run on multiple ports but with different options.  The service
running on port 5000 will be open for outside connections, RSA only, and no
root login.  I want the standard config to also run so that internally you
do not need an RSA key and can log in as root.

John 
> -----Original Message-----
> From: fedora-list-bounces at redhat.com 
> [mailto:fedora-list-bounces at redhat.com] On Behalf Of Mark
> Sent: Monday, November 28, 2005 2:14 PM
> To: John.Gallagher at ciosystems.com; 'For users of Fedora Core releases'
> Subject: RE: SSH on Multiple ports Fedora Core 4
> 
> If you just want your sshd to listen on multiple ports,
> modify your /etc/ssh/sshd_config and add one Port directive
> for each additional port.
> By default, it has a line
> #Port 22
> 
> Activate this line and add more for the other ports:
> 
> Port 22
> Port 5000
> Port 4233
> Etc.
> 
> For more info, try "man sshd_config"
> 
> MARK
> 
> 
> > -----Original Message-----
> > From: fedora-list-bounces at redhat.com
> > [mailto:fedora-list-bounces at redhat.com] On Behalf Of John Gallagher
> > Sent: Monday, November 28, 2005 1:47 PM
> > To: fedora-list at redhat.com
> > Subject: SSH on Multiple ports Fedora Core 4
> > 
> > 
> > I have created a separate config file for SSH to run and listen on
> > another port (for example: 5000, RSA connections only).  I created
> > another init script called sshd-ext in /etc/init.d (minor
> > modifications, see file below).  I created a file to call the new
> > config in /etc/sysconfig/sshd-ext.
> > 
> > All seems to work fine except I get errors in the security logs,
> > which I have seen in others' posts on the Fedora forum.
> > 
> > Nov 28 12:26:58 vpn sshd[26691]: error: Bind to port 5000 on 0.0.0.0 failed: Address already in use.
> > Nov 28 12:35:42 vpn sshd[26691]: Received signal 15; terminating.
> > 
> > I edited the conf file and specified the IP address of the interface
> > to use for this config:
> > 
> > Port 5000
> > #Protocol 2,1
> > ListenAddress 10.200.16.10
> > #ListenAddress 0.0.0.0
> > #ListenAddress ::
> > 
> > I verified the original sshd_config was only listening on 0.0.0.0 and
> > not ::
> > 
> > The problem is ssh seems to use the same PID for both processes and
> > always wants to bind on port 22 for some reason.  If I restart one of
> > the processes it can and sometimes does kill the other process.
> > 
> > service sshd restart will kill the process started as sshd-ext.
> >  
> > I also run the same config on FC1 and I do not have these issues.
> >  
> > See version and init scripts below:
> > 
> > [root@vpn root]# rpm -qa |grep ssh
> > openssh-askpass-3.6.1p2-34
> > openssh-3.6.1p2-34
> > openssh-clients-3.6.1p2-34
> > openssh-askpass-gnome-3.6.1p2-34
> > openssh-server-3.6.1p2-34
> > [root@vpn root]#
> > 
> > [root@vpn root]# cat /etc/init.d/sshd-ext
> > #!/bin/bash
> > #
> > # Init file for OpenSSH server daemon
> > #
> > # chkconfig: 2345 55 25
> > # description: OpenSSH server daemon
> > #
> > # processname: sshd
> > # config: /etc/ssh/ssh_host_key
> > # config: /etc/ssh/ssh_host_key.pub
> > # config: /etc/ssh/ssh_random_seed
> > # config: /etc/ssh/sshd_config
> > # pidfile: /var/run/sshd-ext.pid
> > 
> > # source function library
> > . /etc/rc.d/init.d/functions
> > 
> > # pull in sysconfig settings
> > [ -f /etc/sysconfig/sshd-ext ] && . /etc/sysconfig/sshd-ext
> > 
> > RETVAL=0
> > prog="sshd"
> > 
> > # Some functions to make the below more readable
> > KEYGEN=/usr/bin/ssh-keygen
> > SSHD=/usr/sbin/sshd
> > RSA1_KEY=/etc/ssh/ssh_host_key
> > RSA_KEY=/etc/ssh/ssh_host_rsa_key
> > DSA_KEY=/etc/ssh/ssh_host_dsa_key
> > PID_FILE=/var/run/sshd-ext.pid
> > 
> > do_rsa1_keygen() {
> >         if [ ! -s $RSA1_KEY ]; then
> >                 echo -n $"Generating SSH1 RSA host key: "
> >                 if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
> >                         chmod 600 $RSA1_KEY
> >                         chmod 644 $RSA1_KEY.pub
> >                         success $"RSA1 key generation"
> >                         echo
> >                 else
> >                         failure $"RSA1 key generation"
> >                         echo
> >                         exit 1
> >                 fi
> >         fi
> > }
> > 
> > do_rsa_keygen() {
> >         if [ ! -s $RSA_KEY ]; then
> >                 echo -n $"Generating SSH2 RSA host key: "
> >                 if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
> >                         chmod 600 $RSA_KEY
> >                         chmod 644 $RSA_KEY.pub
> >                         success $"RSA key generation"
> >                         echo
> >                 else
> >                         failure $"RSA key generation"
> >                         echo
> >                         exit 1
> >                 fi
> >         fi
> > }
> > 
> > do_dsa_keygen() {
> >         if [ ! -s $DSA_KEY ]; then
> >                 echo -n $"Generating SSH2 DSA host key: "
> >                 if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
> >                         chmod 600 $DSA_KEY
> >                         chmod 644 $DSA_KEY.pub
> >                         success $"DSA key generation"
> >                         echo
> >                 else
> >                         failure $"DSA key generation"
> >                         echo
> >                         exit 1
> >                 fi
> >         fi
> > }
> > 
> > do_restart_sanity_check()
> > {
> >         $SSHD -t
> >         RETVAL=$?
> >         if [ ! "$RETVAL" = 0 ]; then
> >                 failure $"Configuration file or keys are invalid"
> >                 echo
> >         fi
> > }
> > 
> > start()
> > {
> >         # Create keys if necessary
> >         do_rsa1_keygen
> >         do_rsa_keygen
> >         do_dsa_keygen
> > 
> >         echo -n $"Starting $prog:"
> >         initlog -c "$SSHD $OPTIONS" && success || failure
> >         RETVAL=$?
> >         [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd-ext
> >         echo
> > }
> > 
> > stop()
> > {
> >         echo -n $"Stopping $prog:"
> >         killproc $SSHD -TERM
> >         RETVAL=$?
> >         [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd-ext
> >         echo
> > }
> > 
> > reload()
> > {
> >         echo -n $"Reloading $prog:"
> >         killproc $SSHD -HUP
> >         RETVAL=$?
> >         echo
> > }
> > 
> > case "$1" in
> >         start)
> >                 start
> >                 ;;
> >         stop)
> >                 stop
> >                 ;;
> >         restart)
> >                 stop
> >                 start
> >                 ;;
> >         reload)
> >                 reload
> >                 ;;
> >         condrestart)
> >                 if [ -f /var/lock/subsys/sshd-ext ] ; then
> >                         do_restart_sanity_check
> >                         if [ "$RETVAL" = 0 ] ; then
> >                                 stop
> >                                 # avoid race
> >                                 sleep 3
> >                                 start
> >                         fi
> >                 fi
> >                 ;;
> >         status)
> >                 status $SSHD
> >                 RETVAL=$?
> >                 ;;
> >         *)
> >                 echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
> >                 RETVAL=1
> > esac
> > exit $RETVAL
> > [root@vpn root]#
> >  
> > 
> > --
> > fedora-list mailing list
> > fedora-list at redhat.com
> > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> > 
> 
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> 
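The setup John describes, as an added example that is not code from the thread or from Fedora's own init scripts: a second sshd started with `-f` from its own config file, carrying its own `PidFile`, and stopped through that PID only. `sshd -f` replaces `/etc/ssh/sshd_config` outright rather than layering on it, so the external instance has to list every directive it relies on. The port, the 10.200.16.10 address and the `/var/run/sshd-ext.pid` path are the ones in the thread; `/etc/ssh/sshd_config-ext`, the helper names and the `write|check|start|stop` verbs are this example's own assumptions. On the posted init script the same thing is wired in with `OPTIONS="-f /etc/ssh/sshd_config-ext"` in `/etc/sysconfig/sshd-ext`, which the script's `initlog -c "$SSHD $OPTIONS"` line already consumes.

```shell
#!/bin/bash
# Added example, not code from the thread: run a second sshd on port 5000
# from its own config and PID file, and stop it by that PID alone.
# /etc/ssh/sshd_config-ext, the helper names and the write/check/start/stop
# verbs are this example's own; port, address and PID-file path come from
# the thread.

SSHD=${SSHD:-/usr/sbin/sshd}
EXT_CONFIG=${EXT_CONFIG:-/etc/ssh/sshd_config-ext}   # assumed path
EXT_PIDFILE=${EXT_PIDFILE:-/var/run/sshd-ext.pid}

# Externally facing instance: one address and port, protocol 2 only,
# public-key auth only, no root, and a PidFile that does not collide with
# the stock daemon's /var/run/sshd.pid.  Anything not listed here keeps
# sshd's compiled-in default, not the value in /etc/ssh/sshd_config.
write_ext_config() {
    local cfg=$1 addr=$2 port=$3 pidfile=$4
    cat > "$cfg" <<EOF
Port $port
ListenAddress $addr
Protocol 2
PidFile $pidfile
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
}

# Print the value of directive $2 in config $1.  sshd honours the first
# occurrence of a keyword, case-insensitively, so this does the same.
config_value() {
    awk -v key="$2" '$1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Parse the config and host keys without listening (sshd -t); -f points
# sshd at our file instead of /etc/ssh/sshd_config.
check_config() {
    if [ -x "$SSHD" ]; then
        "$SSHD" -t -f "$1"
    else
        echo "$SSHD not found; skipping syntax check" >&2
        return 2
    fi
}

start_ext() {
    check_config "$1" || return 1
    "$SSHD" -f "$1"
}

# Short name of process $1, from /proc where available, else from ps.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        basename "$(ps -o comm= -p "$1" 2>/dev/null)"
    fi
}

# Signal only the PID recorded in $1, and only if that PID is still a
# process named $2.  This is the opposite of "killproc sshd", which
# resolves the name "sshd" and so can reach the other instance.
stop_by_pidfile() {
    local pidfile=$1 expect=$2 pid
    [ -r "$pidfile" ] || { echo "$pidfile: no pid file, nothing to stop" >&2; return 1; }
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) echo "$pidfile: not a pid: '$pid'" >&2; return 1 ;;
    esac
    if [ "$(proc_name "$pid")" != "$expect" ]; then
        echo "pid $pid is not $expect; refusing to signal it" >&2
        return 1
    fi
    kill -TERM "$pid" || return 1
    rm -f "$pidfile"
}

main() {
    case $1 in
        write) write_ext_config "$EXT_CONFIG" 10.200.16.10 5000 "$EXT_PIDFILE" ;;
        check) check_config "$EXT_CONFIG" ;;
        start) start_ext "$EXT_CONFIG" ;;
        stop)  stop_by_pidfile "$EXT_PIDFILE" sshd ;;
        *)     echo "usage: $0 {write|check|start|stop}" >&2; return 1 ;;
    esac
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Why the stop path checks the PID file and the process name: `killproc sshd` in the Fedora init functions finds its target through `/var/run/sshd.pid` or, failing that, by process name, so with two daemons both called `sshd`, and both writing `/var/run/sshd.pid` unless `PidFile` says otherwise, `service sshd restart` can take down the wrong instance. That is consistent with the symptom in the thread, although the thread itself does not pin down the cause. Two other points worth knowing: `PasswordAuthentication no` on its own does not stop password logins that arrive through PAM's keyboard-interactive path, which is why `ChallengeResponseAuthentication no` is set as well; and `sshd -t -f` is the cheap way to confirm the second config parses before touching the running service.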