SSH on Multiple ports Fedora Core 4
Mark
msalists at gmx.net
Mon Nov 28 22:31:11 UTC 2005
Sorry, I've never done that...
> -----Original Message-----
> From: fedora-list-bounces at redhat.com
> [mailto:fedora-list-bounces at redhat.com] On Behalf Of John Gallagher
> Sent: Monday, November 28, 2005 2:21 PM
> To: 'For users of Fedora Core releases'
> Subject: RE: SSH on Multiple ports Fedora Core 4
>
>
> I want it to run on multiple ports but with different
> options. The service running on port 5000 will be open for
> outside connections, RSA only, and no root login. I want the
> standard config to also run so that internally you do not
> need an RSA key and can log in as root.
>
> John
> > -----Original Message-----
> > From: fedora-list-bounces at redhat.com
> > [mailto:fedora-list-bounces at redhat.com] On Behalf Of Mark
> > Sent: Monday, November 28, 2005 2:14 PM
> > To: John.Gallagher at ciosystems.com; 'For users of Fedora Core releases'
> > Subject: RE: SSH on Multiple ports Fedora Core 4
> >
> > If you just want your sshd to listen on multiple ports,
> > modify your /etc/ssh/sshd_config and add one port directive
> > for each additional port.
> > By default, it has a line
> > #Port 22
> >
> > Activate this line and add more for the other ports:
> >
> > Port 22
> > Port 5000
> > Port 4233
> > Etc.
> >
> > For more info, try "man sshd_config"
> >
> > MARK
> >
> >
> > > -----Original Message-----
> > > From: fedora-list-bounces at redhat.com
> > > [mailto:fedora-list-bounces at redhat.com] On Behalf Of John Gallagher
> > > Sent: Monday, November 28, 2005 1:47 PM
> > > To: fedora-list at redhat.com
> > > Subject: SSH on Multiple ports Fedora Core 4
> > >
> > >
> > > I have created a separate config file for SSH to run and listen on
> > > another port (for example: 5000 RSA connections only). I created
> > > another init script called sshd-ext in /etc/init.d (minor
> > > modifications, see file below). I created a file to call the new
> > > config in /etc/sysconfig/sshd-ext.
> > >
> > > All seems to work fine except I get errors in the security logs,
> > > which I have seen in others' posts on the Fedora forum.
> > >
> > > Nov 28 12:26:58 vpn sshd[26691]: error: Bind to port 5000 on 0.0.0.0 failed: Address already in use.
> > > Nov 28 12:35:42 vpn sshd[26691]: Received signal 15; terminating.
> > >
> > > I edited the conf file and specified the IP address of the interface
> > > to use for this config:
> > >
> > > Port 5000
> > > #Protocol 2,1
> > > ListenAddress 10.200.16.10
> > > #ListenAddress 0.0.0.0
> > > #ListenAddress ::
> > >
> > > I verified the original sshd_config was only listening on 0.0.0.0 and
> > > not ::
> > >
> > > The problem is ssh seems to use the same PID for both processes and
> > > always wants to bind on port 22 for some reason. If I restart one of
> > > the processes it can and sometimes does kill the other process.
> > >
> > > service sshd restart will kill the process started as sshd-ext.
> > >
> > > I also run the same config on FC1 and I do not have these issues.
> > >
> > > See version and init scripts below:
> > >
> > > [root at vpn root]# rpm -qa |grep ssh
> > > openssh-askpass-3.6.1p2-34
> > > openssh-3.6.1p2-34
> > > openssh-clients-3.6.1p2-34
> > > openssh-askpass-gnome-3.6.1p2-34
> > > openssh-server-3.6.1p2-34
> > > [root at vpn root]#
> > >
> > > [root at vpn root]# cat /etc/init.d/sshd-ext
> > > #!/bin/bash
> > > #
> > > # Init file for OpenSSH server daemon
> > > #
> > > # chkconfig: 2345 55 25
> > > # description: OpenSSH server daemon
> > > #
> > > # processname: sshd
> > > # config: /etc/ssh/ssh_host_key
> > > # config: /etc/ssh/ssh_host_key.pub
> > > # config: /etc/ssh/ssh_random_seed
> > > # config: /etc/ssh/sshd_config
> > > # pidfile: /var/run/sshd-ext.pid
> > >
> > > # source function library
> > > . /etc/rc.d/init.d/functions
> > >
> > > # pull in sysconfig settings
> > > [ -f /etc/sysconfig/sshd-ext ] && . /etc/sysconfig/sshd-ext
> > >
> > > RETVAL=0
> > > prog="sshd"
> > >
> > > # Some functions to make the below more readable
> > > KEYGEN=/usr/bin/ssh-keygen
> > > SSHD=/usr/sbin/sshd
> > > RSA1_KEY=/etc/ssh/ssh_host_key
> > > RSA_KEY=/etc/ssh/ssh_host_rsa_key
> > > DSA_KEY=/etc/ssh/ssh_host_dsa_key
> > > PID_FILE=/var/run/sshd-ext.pid
> > >
> > > do_rsa1_keygen() {
> > > if [ ! -s $RSA1_KEY ]; then
> > > echo -n $"Generating SSH1 RSA host key: "
> > > if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
> > > chmod 600 $RSA1_KEY
> > > chmod 644 $RSA1_KEY.pub
> > > success $"RSA1 key generation"
> > > echo
> > > else
> > > failure $"RSA1 key generation"
> > > echo
> > > exit 1
> > > fi
> > > fi
> > > }
> > >
> > > do_rsa_keygen() {
> > > if [ ! -s $RSA_KEY ]; then
> > > echo -n $"Generating SSH2 RSA host key: "
> > > if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
> > > chmod 600 $RSA_KEY
> > > chmod 644 $RSA_KEY.pub
> > > success $"RSA key generation"
> > > echo
> > > else
> > > failure $"RSA key generation"
> > > echo
> > > exit 1
> > > fi
> > > fi
> > > }
> > >
> > > do_dsa_keygen() {
> > > if [ ! -s $DSA_KEY ]; then
> > > echo -n $"Generating SSH2 DSA host key: "
> > > if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
> > > chmod 600 $DSA_KEY
> > > chmod 644 $DSA_KEY.pub
> > > success $"DSA key generation"
> > > echo
> > > else
> > > failure $"DSA key generation"
> > > echo
> > > exit 1
> > > fi
> > > fi
> > > }
> > >
> > > do_restart_sanity_check()
> > > {
> > > $SSHD -t
> > > RETVAL=$?
> > > if [ ! "$RETVAL" = 0 ]; then
> > > failure $"Configuration file or keys are invalid"
> > > echo
> > > fi
> > > }
> > >
> > > start()
> > > {
> > > # Create keys if necessary
> > > do_rsa1_keygen
> > > do_rsa_keygen
> > > do_dsa_keygen
> > >
> > > echo -n $"Starting $prog:"
> > > initlog -c "$SSHD $OPTIONS" && success || failure
> > > RETVAL=$?
> > > [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd-ext
> > > echo
> > > }
> > >
> > > stop()
> > > {
> > > echo -n $"Stopping $prog:"
> > > killproc $SSHD -TERM
> > > RETVAL=$?
> > > [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd-ext
> > > echo
> > > }
> > >
> > > reload()
> > > {
> > > echo -n $"Reloading $prog:"
> > > killproc $SSHD -HUP
> > > RETVAL=$?
> > > echo
> > > }
> > >
> > > case "$1" in
> > > start)
> > > start
> > > ;;
> > > stop)
> > > stop
> > > ;;
> > > restart)
> > > stop
> > > start
> > > ;;
> > > reload)
> > > reload
> > > ;;
> > > condrestart)
> > > if [ -f /var/lock/subsys/sshd-ext ] ; then
> > > do_restart_sanity_check
> > > if [ "$RETVAL" = 0 ] ; then
> > > stop
> > > # avoid race
> > > sleep 3
> > > start
> > > fi
> > > fi
> > > ;;
> > > status)
> > > status $SSHD
> > > RETVAL=$?
> > > ;;
> > > *)
> > > echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
> > > RETVAL=1
> > > esac
> > > exit $RETVAL
> > > [root at vpn root]#
> > >
> > >
> > > --
> > > fedora-list mailing list
> > > fedora-list at redhat.com
> > > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> > >
>
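
The quoted init script sets PID_FILE=/var/run/sshd-ext.pid but never references it again, and sshd writes /var/run/sshd.pid unless the config's PidFile directive says otherwise. The check below is an added example, not part of the thread: the function names are hypothetical, the sample configs are constructed, ListenAddress is assumed to carry no port, and only an unset ListenAddress or 0.0.0.0 is treated as a wildcard.

```shell
#!/bin/sh
# Added example (hypothetical names): pre-flight check for two sshd instances.
# Print every value of one directive; commented-out lines are skipped.
conf_values() {   # conf_values FILE KEYWORD
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }
        tolower($1) == k { print $2 }' "$1"
}

# PidFile in effect; sshd falls back to /var/run/sshd.pid when it is unset.
pid_file() {      # pid_file FILE
    v=$(conf_values "$1" PidFile | head -n 1); echo "${v:-/var/run/sshd.pid}"
}

# Expand a config into address@port pairs; defaults: Port 22, all addresses ("any").
listen_sockets() {   # listen_sockets FILE
    ports=$(conf_values "$1" Port);          [ -n "$ports" ] || ports=22
    addrs=$(conf_values "$1" ListenAddress); [ -n "$addrs" ] || addrs=any
    for a in $addrs; do
        if [ "$a" = 0.0.0.0 ]; then a=any; fi
        for p in $ports; do echo "$a@$p"; done
    done
}

# Return 0 only when the two configs can run side by side.
check_sshd_pair() {  # check_sshd_pair MAIN_CONF EXT_CONF
    rc=0
    if [ "$(pid_file "$1")" = "$(pid_file "$2")" ]; then
        echo "CONFLICT: both instances write $(pid_file "$1")"; rc=1
    fi
    for sa in $(listen_sockets "$1"); do
        for sb in $(listen_sockets "$2"); do
            [ "${sa##*@}" = "${sb##*@}" ] || continue
            aa=${sa%@*}; ab=${sb%@*}
            # A wildcard listener overlaps any specific address on that port.
            if [ "$aa" = "$ab" ] || [ "$aa" = any ] || [ "$ab" = any ]; then
                echo "CONFLICT: port ${sa##*@} claimed by both ($aa, $ab)"; rc=1
            fi
        done
    done
    return $rc
}

# Constructed sample configs: main daemon on defaults, second one on port 5000.
d=$(mktemp -d)
printf 'Port 22\n' > "$d/sshd_config"
printf 'Port 5000\nListenAddress 10.200.16.10\n' > "$d/sshd_config-ext"
check_sshd_pair "$d/sshd_config" "$d/sshd_config-ext" || echo "resolve before starting sshd-ext"
rm -rf "$d"
```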