Page 3 of 4
Results 21 to 30 of 33

Thread: changing ssh listener port?

  1. #21
    Senior Member registered user
    Join Date
    Nov 2002
    Location
    Long Island, NY, USA
    Posts
    1,256
    Thanx for all your generous help so far markus!

    OK, here's the current state of affairs:

    I checked netstat in a root shell and it's OK.

    I did all that iptable stuff you said in a root shell.

    Here's my whole /etc/hosts.deny file (except for commented lines):
    ALL:ALL

    Here's my whole /etc/hosts.allow file (except for commented lines):
    ssh sshd : 127.0.0.1 LOCAL : ALLOW
    ssh sshd : XX.XX.XX.XX : ALLOW
    ALL:ALL:deny


    Here's my whole /etc/ssh/ssh_config file (except for commented lines):
    Host localhost
    ForwardAgent yes
    ForwardX11 yes
    Host *
    ForwardX11 yes
    RhostsAuthentication no
    RhostsRSAAuthentication yes
    RSAAuthentication yes
    PasswordAuthentication yes
    FallBackToRsh no
    UseRsh no
    CheckHostIP yes
    Port 22
    Protocol 2,1
    Cipher blowfish


    Here's my whole /etc/ssh/sshd_config file (except for commented lines):
    Port 80
    HostKey /etc/ssh/ssh_host_key
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    ServerKeyBits 768
    LoginGraceTime 600
    KeyRegenerationInterval 3600
    PermitRootLogin yes
    IgnoreRhosts yes
    StrictModes yes
    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog no
    KeepAlive yes
    SyslogFacility AUTH
    LogLevel INFO
    RhostsRSAAuthentication no
    HostbasedAuthentication no
    RSAAuthentication yes
    PasswordAuthentication yes
    PermitEmptyPasswords no
    Subsystem sftp /usr/lib/sftp-server
    UsePAM yes


    I issued the following command in a root shell:
    /etc/init.d/ssh restart

    I logged-in to my workpc from home (using port 22)
    ssh apcs@XX.XX.XX.XX

    Then I logged-in from there to my homepc (using port 80)
    ssh apcs@XX.XXX.XXX.XX -p80

    and the best I get is:
    ssh_exchange_identification: Connection closed by remote host

    ARRGGGHHHHH!

    Frustrated,
    AJG

  2. #22
    Senior Member
    Join Date
    Nov 2003
    Posts
    1,323
    Quote Originally Posted by A. Jorge Garcia
    > I did all that iptable stuff you said in a root shell.
    Umm, that's a line I use in my firewall.sh, it's not a command.
    Do you have iptables running? Check with iptables -nL

    > Here's my whole /etc/hosts.deny file (except for commented lines):
    > ALL:ALL
    >
    > Here's my whole /etc/hosts.allow file (except for commented lines):
    > ssh sshd : 127.0.0.1 LOCAL : ALLOW
    > ssh sshd : XX.XX.XX.XX : ALLOW
    > ALL:ALL:deny
    Can't see a fault there..

    > Here's my whole /etc/ssh/ssh_config file (except for commented lines):
    That's only for outward connections.

    > Then I logged-in from there to my homepc (using port 80)
    > ssh apcs@XX.XXX.XXX.XX -p80
    Is the missing space between p and 80 a typo?

    > ARRGGGHHHHH!
    >
    > Frustrated,
    That I believe.

    In your sshd_config:
    HostKey /etc/ssh/ssh_host_key ---this would accept also ssh1 protocol

    Well, here's my sshd_config:
    Port 22
    Protocol 2 ---you're missing this if you want protocol 2 only
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    UsePrivilegeSeparation yes ---not sure if this is important
    KeyRegenerationInterval 3600
    ServerKeyBits 768
    SyslogFacility AUTH
    LogLevel INFO
    LoginGraceTime 600
    PermitRootLogin no ---change this to no
    StrictModes yes
    RSAAuthentication yes ---you're missing this
    PubkeyAuthentication yes ---you're missing this
    IgnoreRhosts yes
    RhostsRSAAuthentication no
    HostbasedAuthentication no
    PermitEmptyPasswords no
    PasswordAuthentication no
    X11Forwarding no
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    KeepAlive yes
    Subsystem sftp /usr/lib/sftp-server
    UsePAM yes

    I just ssh'd with this to work and back to home so at least for me it works. Could it be that your work has disabled the not so secure protocol1?
    How about: ssh -2 -p 80 login@IP
    Check first if you can connect from home to home with ssh -p 80 homelogin@homeIP and ssh -2 -p 80 homelogin@homeIP

    We might be barking up the wrong tree. For all I know the answer is probably obvious and simple. I'm just not seeing it.

    EDIT: Another thought. Try deleting the line for your homeIP in the known_hosts file at your work.
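
The two sshd_config files posted above differ in a handful of security-relevant lines (protocol 1 support, direct root login, password authentication). The script below is an added example, not part of either poster's messages: it flags those settings in a config read on stdin. The function names and the finding labels are made up for this illustration, and it assumes an sshd of the thread's era where protocol 1 still exists.

```shell
#!/bin/sh
# Added example, not from the thread. Reads an sshd_config on stdin and prints
# one finding per line for the settings the replies point at.
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            key = tolower($1); val = tolower($2)
            # HostKey may repeat; the thread ties ssh_host_key to protocol 1.
            if (key == "hostkey") { if ($2 ~ /ssh_host_key$/) v1key = 1; next }
            # For other keywords sshd keeps the first value it reads.
            if (!(key in seen)) seen[key] = val
        }
        END {
            # Assumption: an sshd of the thread era, where a missing Protocol
            # line still leaves protocol 1 enabled.
            if (!("protocol" in seen) || ("," seen["protocol"] ",") ~ /,1,/)
                print "protocol-1-allowed"
            if (v1key) print "ssh1-hostkey-loaded"
            # Only explicit settings are checked; defaults are not modelled.
            if (seen["permitrootlogin"] == "yes") print "root-login-permitted"
            if (seen["passwordauthentication"] == "yes") print "password-auth-enabled"
        }
    '
}

# Constructed sample input: the relevant lines of the two configs in the thread.
sample_original() {
    printf '%s\n' 'Port 80' 'HostKey /etc/ssh/ssh_host_key' \
        'HostKey /etc/ssh/ssh_host_rsa_key' 'PermitRootLogin yes' \
        'PasswordAuthentication yes'
}
sample_suggested() {
    printf '%s\n' 'Port 22' 'Protocol 2' 'HostKey /etc/ssh/ssh_host_rsa_key' \
        'PermitRootLogin no' 'PasswordAuthentication no'
}

echo "original config:";  sample_original  | audit_sshd_config
echo "suggested config:"; sample_suggested | audit_sshd_config
```

To check a real file, run `audit_sshd_config < /etc/ssh/sshd_config`; no output means none of the four settings was found.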

  3. #23
    Senior Member registered user
    Join Date
    Nov 2002
    Location
    Long Island, NY, USA
    Posts
    1,256
    Well, I never had to setup iptables before! So I didn't know what I was doing when I used that shell command you gave me.

    Anyway, here's what iptables -nL returns:
    root@gaurdian.mil:~# iptables -nL
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination


    BTW, ssh apcs@localhost -p80 works fine as does ssh apcs@localhost -p 80

    Also, ssh apcs@localhost -p80 works fine as does ssh -2 apcs@localhost -p80

    EDIT: OK, maybe you're on to something again with the known_hosts file....

    Stumped,
    AJG

  4. #24
    Senior Member
    Join Date
    Nov 2003
    Posts
    1,323
    Quote Originally Posted by A. Jorge Garcia
    > Well, I never had to setup iptables before! So I didn't know what I was doing when I used that shell command you gave me.
    >
    > Anyway, here's what iptables -nL returns:
    > root@gaurdian.mil:~# iptables -nL
    > Chain INPUT (policy ACCEPT)
    > target prot opt source destination
    > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
    >
    > Chain FORWARD (policy ACCEPT)
    > target prot opt source destination
    >
    > Chain OUTPUT (policy ACCEPT)
    > target prot opt source destination
    Ok, so iptables is running. Are you sure it wasn't running before? Otherwise I'm not sure where you got those chains. How about a reboot and then check if iptables is still running. Or check in /etc/rc2-5.d if you see something calling iptables. I haven't played with the iptables script in knoppix so I don't even know what starts it.

    > BTW, ssh apcs@localhost -p80 works fine as does ssh apcs@localhost -p 80
    Ok, so space isn't important.

    > Also, ssh apcs@localhost -p80 works fine as does ssh -2 apcs@localhost -p80
    Oh well, home to home seems to work too and protocol isn't important at home but how about from work with -2.

    Let's hope it's the known_hosts file because quite frankly I'm really getting out of ideas here.

  5. #25
    Senior Member registered user
    Join Date
    Nov 2002
    Location
    Long Island, NY, USA
    Posts
    1,256
    Sorry, I'm not up on iptables. I just issued the commands you gave me in a root shell:

    iptables -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
    iptables -A INPUT -i eth0 -p udp -m udp --dport 80 -j ACCEPT


    Regards,
    AJG

  6. #26
    Senior Member registered user
    Join Date
    Nov 2002
    Location
    Long Island, NY, USA
    Posts
    1,256
    I'm free, free at last, thank God almighty, free at last!!!

    Markus, you are an officer, a gentleman and a genius! I just tweaked everything again on the homePC and the workPC and on the router - now all of it works! I don't know just exactly what I fixed, but I did delete the known_host files on both PCs. I think that was the clincher.

    BTW, the only thing I didn't change was
    PermitRootLogin yes
    so I can tweak the workPC from home and the homePC from work if necessary (like I did today).

    Again, thank you, and underscore, so very much!

    Relieved,
    AJG

  7. #27
    Senior Member
    Join Date
    Nov 2003
    Posts
    1,323
    Quote Originally Posted by A. Jorge Garcia
    > I'm free, free at last, thank God almighty, free at last!!!
    Well done. Would be nice to know what it was but the main thing is it's working.

    > BTW, the only thing I didn't change was
    > PermitRootLogin yes
    > so I can tweak the workPC from home and the homePC from work if necessary (like I did today).
    You can still do su to root even when it's set to no, the Permit thingy is just to keep out script kiddies and such that try to login directly as root with different password lists.

  8. #28
    Senior Member registered user
    Join Date
    Nov 2002
    Location
    Long Island, NY, USA
    Posts
    1,256
    Thanx, Markus, for all your help. You are god among Linux Gurus!

    BTW, I think maybe I will remove root permission after all.

    Regards,
    AJG

  9. #29
    Senior Member
    Join Date
    Nov 2003
    Posts
    1,323
    Ahem, you're very welcome but I'm really just another semi-intermediate user.
    Wish there was some certified ladder to climb, like:
    ultranoob
    newbie
    accomplished newb
    semi-intermediate user
    intermediate user
    user
    accomplished user
    semi-guru
    guru
    kernel hacker

  10. #30
    Senior Member registered user
    Join Date
    Nov 2002
    Location
    Long Island, NY, USA
    Posts
    1,256
    I guess I'll aspire to one day be an AccomplishedNoob!

    Remember when this forum first started out? People would get some kind of rank based on how many posts they made. What happened to that? With over 1000 posts I guess I would be awarded the rank of UltraNoob since most of my posts have been questions....

    Regards,
    AJG
