SSH on Multiple ports Fedora Core 4

From: John Gallagher (john.gallagher_at_ciosystems.com)
Date: 11/28/05

    To: <fedora-list@redhat.com>
    Date: Mon, 28 Nov 2005 13:47:00 -0800
    
    

    I have created a separate config file for SSH to run and listen on another
    port (for example: 5000 RSA connections only). I created another init
    script called sshd-ext in /etc/init.d (minor modifications; see file below).
    I created a file to call the new config in /etc/sysconfig/sshd-ext.

    All seems to work fine except I get errors in the security logs, which I
    have seen in others' posts on the Fedora forum.

    Nov 28 12:26:58 vpn sshd[26691]: error: Bind to port 5000 on 0.0.0.0 failed: Address already in use.
    Nov 28 12:35:42 vpn sshd[26691]: Received signal 15; terminating.

    I edited the conf file and specified the IP Address of the interface to use
    for this config:

    Port 5000
    #Protocol 2,1
    ListenAddress 10.200.16.10
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    I verified the original sshd_config was only listening on 0.0.0.0 and not ::

    The problem is ssh seems to use the same PID for both processes and always
    wants to bind on port 22 for some reason. If I restart one of the processes
    it can and sometimes does kill the other process.

    service sshd restart will kill the process started as sshd-ext.
     
    I also run the same config on FC1 and I do not have these issues.
     
    See version and init scripts below:

    [root@vpn root]# rpm -qa |grep ssh
    openssh-askpass-3.6.1p2-34
    openssh-3.6.1p2-34
    openssh-clients-3.6.1p2-34
    openssh-askpass-gnome-3.6.1p2-34
    openssh-server-3.6.1p2-34
    [root@vpn root]#

    [root@vpn root]# cat /etc/init.d/sshd-ext
    #!/bin/bash
    #
    # Init file for OpenSSH server daemon
    #
    # chkconfig: 2345 55 25
    # description: OpenSSH server daemon
    #
    # processname: sshd
    # config: /etc/ssh/ssh_host_key
    # config: /etc/ssh/ssh_host_key.pub
    # config: /etc/ssh/ssh_random_seed
    # config: /etc/ssh/sshd_config
    # pidfile: /var/run/sshd-ext.pid

    # source function library
    . /etc/rc.d/init.d/functions

    # pull in sysconfig settings
    [ -f /etc/sysconfig/sshd-ext ] && . /etc/sysconfig/sshd-ext

    RETVAL=0
    prog="sshd"

    # Some functions to make the below more readable
    KEYGEN=/usr/bin/ssh-keygen
    SSHD=/usr/sbin/sshd
    RSA1_KEY=/etc/ssh/ssh_host_key
    RSA_KEY=/etc/ssh/ssh_host_rsa_key
    DSA_KEY=/etc/ssh/ssh_host_dsa_key
    PID_FILE=/var/run/sshd-ext.pid

    do_rsa1_keygen() {
            if [ ! -s $RSA1_KEY ]; then
                    echo -n $"Generating SSH1 RSA host key: "
                    if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
                            chmod 600 $RSA1_KEY
                            chmod 644 $RSA1_KEY.pub
                            success $"RSA1 key generation"
                            echo
                    else
                            failure $"RSA1 key generation"
                            echo
                            exit 1
                    fi
            fi
    }

    do_rsa_keygen() {
            if [ ! -s $RSA_KEY ]; then
                    echo -n $"Generating SSH2 RSA host key: "
                    if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
                            chmod 600 $RSA_KEY
                            chmod 644 $RSA_KEY.pub
                            success $"RSA key generation"
                            echo
                    else
                            failure $"RSA key generation"
                            echo
                            exit 1
                    fi
            fi
    }

    do_dsa_keygen() {
            if [ ! -s $DSA_KEY ]; then
                    echo -n $"Generating SSH2 DSA host key: "
                    if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
                            chmod 600 $DSA_KEY
                            chmod 644 $DSA_KEY.pub
                            success $"DSA key generation"
                            echo
                    else
                            failure $"DSA key generation"
                            echo
                            exit 1
                    fi
            fi
    }

    do_restart_sanity_check()
    {
            $SSHD -t
            RETVAL=$?
            if [ ! "$RETVAL" = 0 ]; then
                    failure $"Configuration file or keys are invalid"
                    echo
            fi
    }

    start()
    {
            # Create keys if necessary
            do_rsa1_keygen
            do_rsa_keygen
            do_dsa_keygen

            echo -n $"Starting $prog:"
            initlog -c "$SSHD $OPTIONS" && success || failure
            RETVAL=$?
            [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd-ext
            echo
    }

    stop()
    {
            echo -n $"Stopping $prog:"
            killproc $SSHD -TERM
            RETVAL=$?
            [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd-ext
            echo
    }

    reload()
    {
            echo -n $"Reloading $prog:"
            killproc $SSHD -HUP
            RETVAL=$?
            echo
    }

    case "$1" in
            start)
                    start
                    ;;
            stop)
                    stop
                    ;;
            restart)
                    stop
                    start
                    ;;
            reload)
                    reload
                    ;;
            condrestart)
                    if [ -f /var/lock/subsys/sshd-ext ] ; then
                            do_restart_sanity_check
                            if [ "$RETVAL" = 0 ] ; then
                                    stop
                                    # avoid race
                                    sleep 3
                                    start
                            fi
                    fi
                    ;;
            status)
                    status $SSHD
                    RETVAL=$?
                    ;;
            *)
                    echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
                    RETVAL=1
    esac
    exit $RETVAL
    [root@vpn root]#
     

    -- 
    fedora-list mailing list
    fedora-list@redhat.com
    To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
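
Added example, not part of the original post or of the Fedora init scripts: the script above sets `PID_FILE` but its `stop()` and `reload()` call `killproc $SSHD`, which selects by program name rather than by that file. The sketch below checks whether two sshd configs resolve to the same pidfile and stops a daemon strictly by its own pidfile. It assumes sshd's default `PidFile` of `/var/run/sshd.pid` when the keyword is absent; the helper names and sample configs are constructed for illustration.

```shell
#!/bin/bash
# Added example: helper names and the sample configs are constructed.

# Effective value of KEYWORD in an sshd_config-style file. sshd uses the first
# occurrence of a keyword; DEFAULT is printed when the keyword is absent.
cfg_value() {            # cfg_value FILE KEYWORD DEFAULT
    awk -v k="$2" -v d="$3" '
        tolower($1) == tolower(k) { print $2; found = 1; exit }
        END { if (!found) print d }' "$1"
}

# True when both configs resolve to the same pidfile, i.e. the instances
# overwrite each other's PID and cannot be stopped independently.
pidfiles_collide() {     # pidfiles_collide CFG_A CFG_B
    [ "$(cfg_value "$1" PidFile /var/run/sshd.pid)" = \
      "$(cfg_value "$2" PidFile /var/run/sshd.pid)" ]
}

# Signal only the process recorded in PIDFILE, never "every sshd".
stop_by_pidfile() {      # stop_by_pidfile PIDFILE
    local pid
    [ -s "$1" ] || return 1
    pid=$(head -n 1 "$1")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac   # reject non-numeric content
    kill -TERM "$pid" 2>/dev/null || return 1      # stale pidfile: no such process
    rm -f "$1"
}

# Constructed demo: a second config like the one in the post, first without
# and then with its own PidFile line.
demo() {
    local d rc=0
    d=$(mktemp -d) || return 2
    printf 'Port 22\n#ListenAddress 0.0.0.0\n' > "$d/sshd_config"
    printf 'Port 5000\nListenAddress 10.200.16.10\n' > "$d/sshd_config-ext"
    pidfiles_collide "$d/sshd_config" "$d/sshd_config-ext" &&
        echo "collision: both instances use /var/run/sshd.pid"
    echo 'PidFile /var/run/sshd-ext.pid' >> "$d/sshd_config-ext"
    pidfiles_collide "$d/sshd_config" "$d/sshd_config-ext" && rc=1
    [ "$rc" -eq 0 ] && echo "ok: sshd-ext now writes its own pidfile"
    rm -rf "$d"
    return "$rc"
}
demo
```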
    
