changing SSH ports

Michael Velez mikev777 at hotmail.com
Tue May 3 22:00:20 UTC 2005


Tom,

I reread your post and see where you're coming from now.

To change the ssh port, I changed three things:

- /etc/services to have ssh point to the new port (it may not be used but
didn't want to risk)

- /etc/ssh/sshd_config specifying:
Port 26

even though I do specifically use the -p option of sshd to specify the new
port as per below

- /etc/init.d/sshd script

in start() function

initlog -c "$SSHD -p 26 $OPTIONS" && success || failure


I'm not an ssh expert, but this worked for me. It's best to check whether
you can ssh to port 26 from inside your home network first.  When that's
working, check from the public internet.

Michael


> -----Original Message-----
> From: redhat-list-bounces at redhat.com 
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Burke, Thomas G.
> Sent: Tuesday, May 03, 2005 10:25 AM
> To: General Red Hat Linux discussion list
> Subject: RE: changing SSH ports
> 
> Just installed openssh on my machine & tried logging in.  If 
> I go to the default port (22), I get a connection refused.  
> If I go to port 26 (or any other port), I get a connection timed out.
>  
>     Any clues?
>  
> 
> -----Original Message-----
> From: redhat-list-bounces at redhat.com 
> [mailto:redhat-list-bounces at redhat.com]On Behalf Of Burke, Thomas G.
> Sent: Tuesday, May 03, 2005 10:10 AM
> To: General Red Hat Linux discussion list
> Subject: RE: changing SSH ports
> 
> 
> 
> The interesting thing is that even if I tell the router to 
> put my server in the "DMZ," I still cannot connect.  If I try 
> to connect to port 22, the thing fails pretty quickly.  If I 
> try to connect to port 26, then it takes a while longer, and 
> then fails.
> 
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [ 
> mailto:redhat-list-bounces at redhat.com]On Behalf Of Burke, Thomas G. 
> Sent: Tuesday, May 03, 2005 10:00 AM
> To: General Red Hat Linux discussion list
> Subject: RE: changing SSH ports 
> 
> 
> 
> This *IS* a home connection. 
>   
> The modem has had the firmware modified to support PPPoE 
> passthru, so the interior box handles all the authentication 
> & so forth.  The router is a LinkSys WRT54G, plugged directly 
> into the modem (server has been moved back).  All connections 
> thru the router to the server work fine (ports 22, 25, 80).
> 
> 
> Added the router port triggers & port passthru to allow port 
> 26, as well.  I can connect thru if ssh is on port 22, but 
> not on port 26.  I didn't get a chance to double-check last 
> night, but I think I can connect from inside the house, from 
> another machine.  I have modified my firewall to add the port 
> 26.  I'm beginning to wonder if I need to modify my services 
> script or something, although I thought that wasn't used by 
> anything...
> 
> 
>     -Tom 
> 
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [ 
> mailto:redhat-list-bounces at redhat.com]On Behalf Of Michael Velez
> Sent: Tuesday, May 03, 2005 3:42 AM
> To: 'General Red Hat Linux discussion list' 
> Subject: RE: changing SSH ports 
> 
> 
> 
> 
> 
> > -----Original Message-----
> > From: redhat-list-bounces at redhat.com
> > [ mailto:redhat-list-bounces at redhat.com] On Behalf Of Burke, Thomas G.
> > Sent: Monday, May 02, 2005 3:38 PM
> > To: redhat-list at redhat.com
> > Subject: changing SSH ports
> > 
> > All,
> > 
> >       I'm having some problems that I'm not quite able to figure out,
> > yet.
> > 
> >       1)  Changed /etc/ssh2/ssh2d_config 
> >               listening on port 26
> > 
> >       2)  Changed firewall to allow connections on port 26
> > 
> >       3)  Changed router to allow IPMASQ on port 26 as well as port 
> > 22.
> > 
> > 
> >       logs show ssh2d running on port 26
> > 
> >       can login from internal network, but not from internet. 
> > 
> >       any clues? 
> > 
> >       Thanks, 
> >               Tom
> > 
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> > 
> 
> Is this a home connection?  Do you have a separate dsl modem 
> and router? 
> 
> If the above is not your setup, disregard what I say below. 
> 
> If it is, you need to add an NAPT entry (Network Address Port 
> Translation) into your dsl modem, as well, which should look 
> like the following: 
> 
> inside address: <router ip address as seen by modem>:26 
> outside address: <your external ip address>:26 protocol:tcp 
> 
> I have only set one up for tcp and it seems to work fine.  I 
> have ssh'd to a different port many times. By the way, you 
> would need this even if you ssh'd to port 22. 
> 
> The router IP address is the address as seen by the modem, so 
> it is not the typical router address you see in your LAN.  In 
> my setup, the router IP address as seen from the modem is 
> 10.0.0.1 and as seen from my internal LAN is 192.168.1.1. 
> 
> Most modems will allow you to specify a rule template as 
> opposed to the NAPT rule itself.  This helps if you have a 
> dynamic IP address, which most residential setups do.  If you 
> reboot your modem, your ISP will allocate a different IP 
> address to your dsl modem.  So your external IP address will 
> change, requiring you to change the NAPT rule every time you 
> reboot.  By creating a template, you can specify 0.0.0.0 as 
> the IP address and the NAPT rule will be dynamically 
> generated using whatever external IP address your dsl modem 
> has been assigned. 
> 
> For my setup, the NAPT template would be: 
> 
> inside address: 10.0.0.1:26
> outside address: 0.0.0.0:26
> protocol: tcp 
> 
> As for the router, your router may be different; however, I 
> needed to create a Virtual Server entry in the router's 
> Firewall section with the following: 
> 
> Virtual Server IP Address: <RedHat Linux Server IP Address> 
> Service Name: Secure Shell Service Port: 26 
> 
> That is all I did on the router side.  Since I did nothing to 
> setup port 22, both my modem and router block messages coming 
> on that port.  I do not use DMZ. 
> 
> Since you can login from your internal network, your RedHat 
> Linux firewall and sshd configuration seem to be working fine. 
> 
> Hope this helps,
> Michael 
> 
> 
> 
> 
> 
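
The two checks this thread keeps returning to, as an added example that is not part of the original messages: which port sshd will actually bind when both sshd_config and the init script's -p option name one, and how to read "connection refused" versus "connection timed out". The function names sshd_ports and probe and the sample config text are made up for illustration.

```python
import socket

def sshd_ports(config_text, cli_ports=()):
    """Ports sshd will bind. Any -p on the command line makes sshd
    ignore every Port line in sshd_config (see sshd(8))."""
    if cli_ports:
        return sorted(set(cli_ports))
    ports = set()
    for line in config_text.splitlines():
        # Drop comments; sshd_config accepts "Port 26" and "Port=26".
        fields = line.split("#", 1)[0].replace("=", " ").split()
        if len(fields) >= 2 and fields[0].lower() == "port":
            ports.add(int(fields[1]))
    return sorted(ports) or [22]  # sshd listens on 22 when nothing is set

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and name the failure mode."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timed out"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return "error: %s" % exc
    finally:
        sock.close()

# How each result is usually read when chasing a port-forwarding problem.
HINTS = {
    "open": "a listener is reachable on this path",
    "refused": "the host answered with a reset: usually nothing listens there",
    "timed out": "no answer: a firewall, router or modem rule is dropping it",
}

if __name__ == "__main__":
    sample = "#Port 22\nPort 26\n"  # constructed sshd_config excerpt
    for p in sshd_ports(sample):
        result = probe("127.0.0.1", p)
        print(p, result, "-", HINTS.get(result, "check routing"))
```

Run the probe once from a machine on the LAN and once from outside; a port that is open inside and times out outside points at the router or modem forwarding rather than at sshd.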



