RE: changing SSH ports

From: Burke, Thomas G. (tg.burke_at_ngc.com)
Date: 05/04/05

  • Next message: Mattias Pettersson: "RE: changing SSH ports"
    Date: Wed, 4 May 2005 09:16:13 -0400
    To: "General Red Hat Linux discussion list" <redhat-list@redhat.com>
    
    

    See in-line - port 22 worked fine for ssh, & still does if I re-enable it.
     
    My problem has been ever since I tried to move it to port 26, to reduce logs from morons trying to hack my machine.
     
    If I try to log into port 22 (which no longer has a listener), I get a fairly immediate "connection failed".
     
    If I try to log into the new port 26, it waits a while & then I get a connection timeout. I have updated my IPCHAINS firewall script to reflect the new port, but so far nothing seems to work.
     
    For today only, could some of you try to ssh2 into my box - maybe I've somehow blocked my remote location inadvertently. tomii.dnsalias.com:26 (I'll move it to a different port later)
     
    Thanks

    -----Original Message-----
    From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com]On Behalf Of Michael Velez
    Sent: Tuesday, May 03, 2005 5:45 PM
    To: 'General Red Hat Linux discussion list'
    Subject: RE: changing SSH ports

    Tom,

    Do you mean your modem passes through PPPOE messages to your router, that
    you actually have entered your ISP username and password into the router,
    and it is the router that's doing the PPPOE connection?
    [Burke, Thomas G.] Yes - I used to use Roaring Penguin to handle my connection...

    My modem also uses PPPoE (although it actually does the PPPOE connection
    with the ISP) and I still needed to add an NAPT entry into the modem.
    However, I won't assume that's the problem.

    a) If you do have a direct PPPoE connection to the router (which I don't
    know how that's done but I'll assume), check whether the modem is actually
    sending the router the ssh messages on port 26.

    To verify this, go to the 'Administration Tab - Log' in the Linksys router
    and enable the log feature. You should see a message in the log when there
    is an ssh connection to port 26. If you get through on port 22, try that
    and see what type of message you get.
    [Burke, Thomas G.] Logging doesn't seem to work for any connection. I tried disabling & re-enabling, but no use - always shows the same thing. Not even for services such as http.

    If you do see a message for port 22 but none for port 26, it's definitely
    your modem causing the problem.

    b) If it is your modem that handles the PPPOE connection

    1. What's the brand name and model number of your DSL modem?

    2. Can you access your DSL modem from a web browser?
    [Burke, Thomas G.] Not since I set it up for PPPoE passthru. If I go back, then I have to redo all my settings throughout the router & modem, so I'm very reluctant to do that, especially since this has worked fine for me for a couple of *years*

    If you do not have the IP address for it, you can find it via the router:
    log into the router and go to the Status tab - Router section. In the
    Internet section of that page, you should have a Default Gateway. The IP
    address of that Default Gateway is the IP address of the modem.
    [Burke, Thomas G.] No, default gateway for the router is the ISP connection - see your own comments below

    It's possible that the field would contain your ISP gateway; however, for
    that to be true, you would have to be connecting your PPPoE connection
    directly from the router to the ISP (ISP username and password would have
    been entered into the router). Since you have a modem in between, the
    Default Gateway should be your modem.
    [Burke, Thomas G.] No, the router is handling the PPPoE

    3. If you can access the modem, verify what the NAPT entries look like.
    Although I'm not sure this is the problem since port 22 may be going
    through.

    4. Verify the router log file to check whether the router is receiving the
    ssh messages on port 22 (as above)

    Michael

    > -----Original Message-----
    > From: redhat-list-bounces@redhat.com
    > [ mailto:redhat-list-bounces@redhat.com] On Behalf Of Burke, Thomas G.
    > Sent: Tuesday, May 03, 2005 10:10 AM
    > To: General Red Hat Linux discussion list
    > Subject: RE: changing SSH ports
    >
    > The interesting thing is that even if I tell the router to
    > put my server in the "DMZ," I still cannot connect. If I try
    > to connect to port 22, the thing fails pretty quickly. If I
    > try to connect to port 26, then it takes a while longer, and
    > then fails.
    >
    > -----Original Message-----
    > From: redhat-list-bounces@redhat.com
    > [ mailto:redhat-list-bounces@redhat.com]On Behalf Of Burke, Thomas G.
    > Sent: Tuesday, May 03, 2005 10:00 AM
    > To: General Red Hat Linux discussion list
    > Subject: RE: changing SSH ports
    >
    >
    >
    > This *IS* a home connection.
    >
    > The modem has had the firmware modified to support PPPoE
    > passthru, so the interior box handles all the authentication
    > & so forth. The router is a LinkSys WRT54G, plugged directly
    > into the modem (server has been moved back). All connections
    > thru the router to the server work fine (ports 22, 25, 80).
    >
    >
    > Added the router port triggers & port passthru to allow port
    > 26, as well. I can connect thru if ssh is on port 22, but
    > not on port 26. I didn't get a chance to double-check last
    > night, but I think I can connect from inside the house, from
    > another machine. I have modified my firewall to add the port
    > 26. I'm beginning to wonder if I need to modify my services
    > script or something, although I thought that wasn't used by
    > anything...
    >
    >
    > -Tom
    >
    > -----Original Message-----
    > From: redhat-list-bounces@redhat.com [
    > mailto:redhat-list-bounces@redhat.com]On Behalf Of Michael Velez
    > Sent: Tuesday, May 03, 2005 3:42 AM
    > To: 'General Red Hat Linux discussion list'
    > Subject: RE: changing SSH ports
    >
    >
    >
    >
    >
    > > -----Original Message-----
    > > From: redhat-list-bounces@redhat.com
    > > [ mailto:redhat-list-bounces@redhat.com] On Behalf Of
    > Burke, Thomas G.
    > > Sent: Monday, May 02, 2005 3:38 PM
    > > To: redhat-list@redhat.com
    > > Subject: changing SSH ports
    > >
    > > All,
    > >
    > > I'm having some problems that I'm not quite able to
    > figure out,
    > > yet.
    > >
    > > 1) Changed /etc/ssh2/ssh2d_config
    > > listening on port 26
    > >
    > > 2) Changed firewall to allow connections on port 26
    > >
    > > 3) Changed router to allow IPMASQ on port 26 as well as port
    > > 22.
    > >
    > >
    > > logs show ssh2d running on port 26
    > >
    > > can login from internal network, but not from internet.
    > >
    > > any clues?
    > >
    > > Thanks,
    > > Tom
    > >
    > > --
    > > redhat-list mailing list
    > > unsubscribe
    > mailto:redhat-list-request@redhat.com?subject=unsubscribe
    > > https://www.redhat.com/mailman/listinfo/redhat-list
    > >
    >
    > Is this a home connection? Do you have a separate dsl modem
    > and router?
    >
    > If the above is not your setup, disregard what I say below.
    >
    > If it is, you need to add an NAPT entry (Network Address Port
    > Translation) into your dsl modem, as well, which should look
    > like the following:
    >
    > inside address: <router ip address as seen by modem>:26
    > outside address: <your external ip address>:26 protocol:tcp
    >
    > I have only set one up for tcp and it seems to work fine. I
    > have ssh'd to a different port many times. By the way, you
    > would need this even if you ssh'd to port 22.
    >
    > The router IP address is the address as seen by the modem, so
    > it is not the typical router address you see in your LAN. In
    > my setup, the router IP address as seen from the modem is
    > 10.0.0.1 and as seen from my internal LAN is 192.168.1.1.
    >
    > Most modems will allow you to specify a rule template as
    > opposed to the NAPT rule itself. This helps if you have a
    > dynamic IP address, which most residential setups do. If you
    > reboot your modem, your ISP will allocate a different IP
    > address to your dsl modem. So your external IP address will
    > change, requiring you to change the NAPT rule every time you
    > reboot. By creating a template, you can specify 0.0.0.0 as
    > the IP address and the NAPT rule will be dynamically
    > generated using whatever external IP address your dsl modem
    > has been assigned.
    >
    > For my setup, the NAPT template would be:
    >
    > inside address: 10.0.0.1:26
    > outside address: 0.0.0.0:26
    > protocol: tcp
    >
    > As for the router, your router may be different; however, I
    > needed to create a Virtual Server entry in the router's
    > Firewall section with the following:
    >
    > Virtual Server IP Address: <RedHat Linux Server IP Address>
    > Service Name: Secure Shell Service Port: 26
    >
    > That is all I did on the router side. Since I did nothing to
    > setup port 22, both my modem and router block messages coming
    > on that port. I do not use DMZ.
    >
    > Since you can login from your internal network, your RedHat
    > Linux firewall and sshd configuration seem to be working fine.
    >
    > Hope this helps,
    > Michael
    >
    >
    >
    >

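The two symptoms Tom reports (port 22 fails at once, port 26 hangs and then times out) are the diagnostic the whole thread turns on. An immediate failure means the far end answered with a TCP RST, so the SYN reached a host that has no listener on that port (or a REJECT rule); a timeout means the SYN was silently dropped, which is exactly what a DROP rule, a missing port-forward/NAPT entry, or forwarding to the wrong internal address looks like from outside. The probe below is an added example written for this page, not code from the original posts; it classifies a connect attempt into those cases and, when it does connect, reads the SSH identification string so the listener can be confirmed to really be sshd. The banner-only fake server, the port numbers and the hostname in the comments are constructed placeholders so the demo runs offline on the loopback interface.

```python
"""Classify why an SSH connect fails: refused (RST) vs. timeout (dropped).

Added example for this thread, not code from the original posts.
Everything below runs on 127.0.0.1 against a constructed banner-only
server; the remote hostname in the comments is a placeholder.
"""
import socket
import threading


def probe_ssh(host, port, timeout=3.0):
    """Attempt a TCP connect and return (verdict, detail).

    verdict:
      "banner"      connected and the peer sent an SSH identification string
      "not_ssh"     connected, but whatever answered is not an SSH server
      "refused"     TCP RST came back: host reachable, nothing listening
                    on that port (or a REJECT firewall rule)
      "timeout"     no reply at all: SYN silently dropped by a DROP rule,
                    a missing port-forward/NAPT entry, or a wrong address
      "unreachable" no route, or the name lookup failed
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            buf = b""
            try:
                # RFC 4253: the server's first line is "SSH-<proto>-<sw>\r\n".
                while b"\n" not in buf and len(buf) < 255:
                    chunk = s.recv(255 - len(buf))
                    if not chunk:
                        break
                    buf += chunk
            except socket.timeout:
                return ("not_ssh", "connected, but no banner before timeout")
            text = buf.decode("ascii", "replace").strip()
            if text.startswith("SSH-"):
                return ("banner", text)
            return ("not_ssh", text or "connected, peer closed without data")
    except ConnectionRefusedError:
        return ("refused", "RST received: reachable, no listener on that port")
    except socket.timeout:
        return ("timeout", "no SYN/ACK: filtered (DROP) or not forwarded")
    except OSError as exc:  # EHOSTUNREACH, ENETUNREACH, gaierror, ...
        return ("unreachable", str(exc))


def start_fake_sshd(banner=b"SSH-2.0-OpenSSH_demo\r\n"):
    """Constructed stand-in for sshd: accepts, sends a banner, hangs up.

    Returns (port, stop) where stop() closes the listening socket.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free one
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listening socket closed by stop()
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port, srv.close


def free_port():
    """Reserve and release an ephemeral port, so it is one with no listener."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    new_port, stop = start_fake_sshd()
    # sshd moved to the new port and reachable: "banner"
    print(new_port, probe_ssh("127.0.0.1", new_port))
    # the old port with its listener gone: "refused", and immediately
    print(22, probe_ssh("127.0.0.1", free_port()))
    # From outside the NAT you would run e.g. probe_ssh("your.dyndns.host", 26);
    # "timeout" there while 22 gives "refused" points at the forwarding path.
    stop()
```

Run it from a host outside the NAT, as Tom asked the list to do. "refused" on the old port together with "timeout" on the new one says the packets for 26 never reach a host that answers, which puts the fault in the modem/router forwarding chain rather than in sshd or the box's own firewall, consistent with logins from inside the LAN working. Note that moving sshd off 22 only thins scanner noise in the logs; a port scan finds the new port in seconds, so key-only authentication and the firewall rules remain the actual controls.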
    
