SSH on Multiple ports Fedora Core 4
John Gallagher
john.gallagher at ciosystems.com
Mon Nov 28 22:20:48 UTC 2005
I want it to run on multiple ports but with different options. The service
running on port 5000 will be open for outside connections, RSA only, and no
root login. I want the standard config to also run so that internally you
do not need an RSA key and can log in as root.
John
> -----Original Message-----
> From: fedora-list-bounces at redhat.com
> [mailto:fedora-list-bounces at redhat.com] On Behalf Of Mark
> Sent: Monday, November 28, 2005 2:14 PM
> To: John.Gallagher at ciosystems.com; 'For users of Fedora Core releases'
> Subject: RE: SSH on Multiple ports Fedora Core 4
>
> If you just want your sshd to listen on multiple ports,
> modify your /etc/ssh/sshd_config and add one Port directive
> for each additional port.
> By default, it has a line
> #Port 22
>
> Activate this line and add more for the other ports:
>
> Port 22
> Port 5000
> Port 4233
> Etc.
>
> For more info, try "man sshd_config"
>
> MARK
>
>
> > -----Original Message-----
> > From: fedora-list-bounces at redhat.com
> > [mailto:fedora-list-bounces at redhat.com] On Behalf Of John Gallagher
> > Sent: Monday, November 28, 2005 1:47 PM
> > To: fedora-list at redhat.com
> > Subject: SSH on Multiple ports Fedora Core 4
> >
> >
> > I have created a separate config file for SSH to run and listen on
> > another port (for example: 5000, RSA connections only). I created
> > another init script called sshd-ext in /etc/init.d (minor
> > modifications; see file below). I created a file to call the new config
> > in /etc/sysconfig/sshd-ext.
> >
> > All seems to work fine except I get errors in the security logs,
> > which I have seen in others' posts on the Fedora forum.
> >
> > Nov 28 12:26:58 vpn sshd[26691]: error: Bind to port 5000 on 0.0.0.0 failed: Address already in use.
> > Nov 28 12:35:42 vpn sshd[26691]: Received signal 15; terminating.
> >
> > I edited the conf file and specified the IP address of the interface
> > to use for this config:
> >
> > Port 5000
> > #Protocol 2,1
> > ListenAddress 10.200.16.10
> > #ListenAddress 0.0.0.0
> > #ListenAddress ::
> >
> > I verified the original sshd_config was only listening on 0.0.0.0 and
> > not ::
> >
> > The problem is ssh seems to use the same PID for both processes and
> > always wants to bind on port 22 for some reason. If I restart one of
> > the processes it can and sometimes does kill the other process.
> >
> > service sshd restart will kill the process started as sshd-ext.
> >
> > I also run the same config on FC1 and I do not have these issues.
> >
> > See version and init scripts below:
> >
> > [root at vpn root]# rpm -qa |grep ssh
> > openssh-askpass-3.6.1p2-34
> > openssh-3.6.1p2-34
> > openssh-clients-3.6.1p2-34
> > openssh-askpass-gnome-3.6.1p2-34
> > openssh-server-3.6.1p2-34
> > [root at vpn root]#
> >
> > [root at vpn root]# cat /etc/init.d/sshd-ext
> > #!/bin/bash
> > #
> > # Init file for OpenSSH server daemon
> > #
> > # chkconfig: 2345 55 25
> > # description: OpenSSH server daemon
> > #
> > # processname: sshd
> > # config: /etc/ssh/ssh_host_key
> > # config: /etc/ssh/ssh_host_key.pub
> > # config: /etc/ssh/ssh_random_seed
> > # config: /etc/ssh/sshd_config
> > # pidfile: /var/run/sshd-ext.pid
> >
> > # source function library
> > . /etc/rc.d/init.d/functions
> >
> > # pull in sysconfig settings
> > [ -f /etc/sysconfig/sshd-ext ] && . /etc/sysconfig/sshd-ext
> >
> > RETVAL=0
> > prog="sshd"
> >
> > # Some functions to make the below more readable
> > KEYGEN=/usr/bin/ssh-keygen
> > SSHD=/usr/sbin/sshd
> > RSA1_KEY=/etc/ssh/ssh_host_key
> > RSA_KEY=/etc/ssh/ssh_host_rsa_key
> > DSA_KEY=/etc/ssh/ssh_host_dsa_key
> > PID_FILE=/var/run/sshd-ext.pid
> >
> > do_rsa1_keygen() {
> > if [ ! -s $RSA1_KEY ]; then
> > echo -n $"Generating SSH1 RSA host key: "
> > if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
> > chmod 600 $RSA1_KEY
> > chmod 644 $RSA1_KEY.pub
> > success $"RSA1 key generation"
> > echo
> > else
> > failure $"RSA1 key generation"
> > echo
> > exit 1
> > fi
> > fi
> > }
> >
> > do_rsa_keygen() {
> > if [ ! -s $RSA_KEY ]; then
> > echo -n $"Generating SSH2 RSA host key: "
> > if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
> > chmod 600 $RSA_KEY
> > chmod 644 $RSA_KEY.pub
> > success $"RSA key generation"
> > echo
> > else
> > failure $"RSA key generation"
> > echo
> > exit 1
> > fi
> > fi
> > }
> >
> > do_dsa_keygen() {
> > if [ ! -s $DSA_KEY ]; then
> > echo -n $"Generating SSH2 DSA host key: "
> > if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
> > chmod 600 $DSA_KEY
> > chmod 644 $DSA_KEY.pub
> > success $"DSA key generation"
> > echo
> > else
> > failure $"DSA key generation"
> > echo
> > exit 1
> > fi
> > fi
> > }
> >
> > do_restart_sanity_check()
> > {
> > $SSHD -t
> > RETVAL=$?
> > if [ ! "$RETVAL" = 0 ]; then
> > failure $"Configuration file or keys are invalid"
> > echo
> > fi
> > }
> >
> > start()
> > {
> > # Create keys if necessary
> > do_rsa1_keygen
> > do_rsa_keygen
> > do_dsa_keygen
> >
> > echo -n $"Starting $prog:"
> > initlog -c "$SSHD $OPTIONS" && success || failure
> > RETVAL=$?
> > [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd-ext
> > echo
> > }
> >
> > stop()
> > {
> > echo -n $"Stopping $prog:"
> > killproc $SSHD -TERM
> > RETVAL=$?
> > [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd-ext
> > echo
> > }
> >
> > reload()
> > {
> > echo -n $"Reloading $prog:"
> > killproc $SSHD -HUP
> > RETVAL=$?
> > echo
> > }
> >
> > case "$1" in
> > start)
> > start
> > ;;
> > stop)
> > stop
> > ;;
> > restart)
> > stop
> > start
> > ;;
> > reload)
> > reload
> > ;;
> > condrestart)
> > if [ -f /var/lock/subsys/sshd-ext ] ; then
> > do_restart_sanity_check
> > if [ "$RETVAL" = 0 ] ; then
> > stop
> > # avoid race
> > sleep 3
> > start
> > fi
> > fi
> > ;;
> > status)
> > status $SSHD
> > RETVAL=$?
> > ;;
> > *)
> > echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
> > RETVAL=1
> > esac
> > exit $RETVAL
> > [root at vpn root]#
> >
> >
> > --
> > fedora-list mailing list
> > fedora-list at redhat.com
> > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> >
>
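As an added example (not the poster's sshd-ext script, Fedora's stock init script, or anything from Mark's reply), here is how the two daemons can be kept from interfering: the outside-facing instance gets its own config and its own pid file, and stop/status act on that pid file rather than on the process name, which is what a name-based killproc in the posted script would do. /etc/ssh/sshd-ext_config is an assumed path; /var/run/sshd-ext.pid is the pid file the thread already names; the sleep processes in the demonstration are constructed stand-ins for two sshd instances.

```shell
#!/bin/sh
# Added example, not the poster's init script or Fedora's: a second sshd
# instance kept apart from the stock one by its own config and pid file.
# /etc/ssh/sshd-ext_config is an assumed path; /var/run/sshd-ext.pid is
# the pid file named in the thread.

EXT_CONFIG=${EXT_CONFIG:-/etc/ssh/sshd-ext_config}
EXT_PIDFILE=${EXT_PIDFILE:-/var/run/sshd-ext.pid}
SSHD=${SSHD:-/usr/sbin/sshd}

# Hardened config for the externally reachable instance: bound to one
# address and port, protocol 2 only, public-key auth only, no root login.
# $1 = destination file, $2 = ListenAddress, $3 = Port
write_ext_config() {
    cat > "$1" <<EOF
Port $3
ListenAddress $2
Protocol 2
PidFile $EXT_PIDFILE
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
}

# Sanity check before (re)starting: every directive that separates this
# instance from the internal one must be present. Returns 0 when all are.
check_ext_config() {
    grep -q '^PermitRootLogin no$' "$1" &&
    grep -q '^PasswordAuthentication no$' "$1" &&
    grep -q '^PidFile ' "$1" &&
    grep -q '^ListenAddress ' "$1"
}

# Start with the config and pid file stated explicitly on the command line,
# so nothing from /etc/ssh/sshd_config (Port 22, the default pid file) leaks in.
start_ext() {
    "$SSHD" -t -f "$EXT_CONFIG" && "$SSHD" -f "$EXT_CONFIG" -o "PidFile=$EXT_PIDFILE"
}

# Signal only the pid recorded in the file. A name-based killproc, as in the
# posted script, would hit every sshd on the box, port 22 included.
# $1 = pid file; returns 1 if it names no live process
stop_by_pidfile() {
    [ -s "$1" ] || return 1
    pid=$(cat "$1")
    kill -0 "$pid" 2>/dev/null || return 1
    kill -TERM "$pid" && rm -f "$1"
}

# $1 = pid file; returns 0 only if the recorded pid is alive
status_by_pidfile() {
    [ -s "$1" ] && kill -0 "$(cat "$1")" 2>/dev/null
}

# Offline demonstration (constructed): two sleep processes stand in for the
# two sshd instances. Stopping through the pid file removes one and leaves
# the other running. Returns 0 on exactly that outcome.
demo_pidfile_isolation() {
    tmp=$(mktemp -d)
    sleep 60 & ext=$!
    sleep 60 & std=$!
    echo "$ext" > "$tmp/sshd-ext.pid"
    stop_by_pidfile "$tmp/sshd-ext.pid"
    wait "$ext" 2>/dev/null || true   # reap it so kill -0 reports it gone
    rc=1
    if ! kill -0 "$ext" 2>/dev/null && kill -0 "$std" 2>/dev/null; then
        rc=0
    fi
    kill "$std" 2>/dev/null
    wait "$std" 2>/dev/null || true
    rm -rf "$tmp"
    return $rc
}
```

To use it, call write_ext_config once to produce the config, then wire start_ext, stop_by_pidfile and status_by_pidfile into the start, stop and status cases of the sshd-ext init script in place of the name-based killproc and status calls. This only fixes the sshd-ext side: a service sshd restart that stops sshd by process name, as the posted script does, still signals both daemons until that script is scoped to its own pid file in the same way.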