changing SSH ports

Michael Velez mikev777 at hotmail.com
Tue May 3 07:41:55 UTC 2005


 

> -----Original Message-----
> From: redhat-list-bounces at redhat.com 
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Burke, Thomas G.
> Sent: Monday, May 02, 2005 3:38 PM
> To: redhat-list at redhat.com
> Subject: changing SSH ports
> 
> All,
> 
> 	I'm having some problems that I'm not quite able to 
> figure out, yet.
> 
> 	1)  Changed /etc/ssh2/ssh2d_config
> 		listening on port 26
> 
> 	2)  Changed firewall to allow connections on port 26
> 
> 	3)  Changed router to allow IPMASQ on port 26 as well 
> as port 22.
> 
> 
> 	logs show ssh2d running on port 26
> 
> 	can login from internal network, but not from internet.
> 
> 	any clues?
> 
> 	Thanks,
> 		Tom
> 

Is this a home connection?  Do you have a separate dsl modem and router?

If the above is not your setup, disregard what I say below.

If it is, you need to add an NAPT entry (Network Address Port Translation)
into your dsl modem, as well, which should look like the following:

inside address: <router ip address as seen by modem>:26
outside address: <your external ip address>:26
protocol: tcp

I have only set one up for tcp and it seems to work fine.  I have ssh'd to a
different port many times. By the way, you would need this even if you ssh'd
to port 22.

The router IP address is the address as seen by the modem, so it is not the
typical router address you see in your LAN.  In my setup, the router IP
address as seen from the modem is 10.0.0.1 and as seen from my internal LAN
is 192.168.1.1.

Most modems will allow you to specify a rule template as opposed to the NAPT
rule itself.  This helps if you have a dynamic IP address, which most
residential setups do.  If you reboot your modem, your ISP will allocate a
different IP address to your dsl modem.  So your external IP address will
change, requiring you to change the NAPT rule every time you reboot.  By
creating a template, you can specify 0.0.0.0 as the IP address and the NAPT
rule will be dynamically generated using whatever external IP address your
dsl modem has been assigned.

For my setup, the NAPT template would be:

inside address: 10.0.0.1:26
outside address: 0.0.0.0:26
protocol: tcp

As for the router, your router may be different; however, I needed to create
a Virtual Server entry in the router's Firewall section with the following:

Virtual Server IP Address: <RedHat Linux Server IP Address>
Service Name: Secure Shell
Service Port: 26

That is all I did on the router side.  Since I did nothing to set up port 22,
both my modem and router block messages coming on that port.  I do not use
DMZ.

Since you can login from your internal network, your RedHat Linux firewall
and sshd configuration seem to be working fine.

Hope this helps,
Michael
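
An added example, not part of the message above: a small Python check that walks the forwarding chain the reply describes (server, router Virtual Server entry, modem NAPT rule) and names the first layer that does not return an SSH banner on port 26. The server address 192.168.1.10 and the external address 203.0.113.5 are placeholders, and the function names are hypothetical.

```python
import socket

def probe_ssh(host, port, timeout=3.0):
    """Return the SSH identification line offered at host:port, or None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = b""
            # The server speaks first; read until the end of its first line.
            while b"\n" not in data and len(data) < 255:
                chunk = s.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError:  # refused, filtered (timeout) or unreachable
        return None
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return line if line.startswith("SSH-") else None

# Constructed sample chain, ordered from the server outwards.
HOPS = [
    ("sshd / host firewall", "192.168.1.10", 26),   # placeholder server LAN address
    ("router Virtual Server", "10.0.0.1", 26),      # router as seen by the modem
    ("modem NAPT rule", "203.0.113.5", 26),         # placeholder external address
]

def first_blocked_hop(hops, probe=probe_ssh):
    """Name the first layer that returns no SSH banner; None if all forward."""
    for label, host, port in hops:
        if probe(host, port) is None:
            return label
    return None

if __name__ == "__main__":
    blocked = first_blocked_hop(HOPS)
    if blocked is None:
        print("every layer forwards port 26")
    else:
        print(f"no SSH banner at: {blocked}")
```

Each address has to be probed from a machine on the outside of the device it belongs to (the LAN for the server, the modem-side segment for the router, an Internet host for the external address); from inside the LAN the outer probes can fail even when the rules are correct.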
