Hello,
with CentOS 6.2 - is it possible to configure OpenSSH daemon to listen on different IPs _and_ ports?
I have received a 2nd IP address for my server and have successfully configured by adding the new "/etc/sysconfig/network-scripts/ifcfg-eth0:1" file.
I'd like SSHd to keep listening at the_old_ip:22 but also at the_new_ip:443.
The 443 on the_old_ip is already taken by Apache, so I can't just write "Port 22" + "Port 443" to sshd_config.
Thank you
Alex
2012/1/24 Alexander Farber alexander.farber@gmail.com:
> Hello,
> with CentOS 6.2 - is it possible to configure OpenSSH daemon to listen on different IPs _and_ ports?
> I have received a 2nd IP address for my server and have successfully configured by adding the new "/etc/sysconfig/network-scripts/ifcfg-eth0:1" file.
> I'd like SSHd to keep listening at the_old_ip:22 but also at the_new_ip:443.
> The 443 on the_old_ip is already taken by Apache, so I can't just write "Port 22" + "Port 443" to sshd_config.
How about using iptables to forward 443 to 22? I think it is the simplest way to do this hack.
-- Eero
Hi Eero,
> How about using iptables to forward 443 to 22? I think it is the simplest way to do this hack.
no, the simplest way is to tell sshd on which port to listen on each interface. Which is extremely straightforward.
Redirecting ports to other ports IMHO is neither particularly simple nor maintenance-friendly ... don't do it unless there really is no other way, or the next guy who has to figure out in a hurry what the system does will really, really hate you ... :-)
Best regards,
Peter.
2012/1/24 Alexander Farber alexander.farber@gmail.com
> Hello,
> with CentOS 6.2 - is it possible to configure OpenSSH daemon to listen on different IPs _and_ ports?
> I have received a 2nd IP address for my server and have successfully configured by adding the new "/etc/sysconfig/network-scripts/ifcfg-eth0:1" file.
> I'd like SSHd to keep listening at the_old_ip:22 but also at the_new_ip:443.
> The 443 on the_old_ip is already taken by Apache, so I can't just write "Port 22" + "Port 443" to sshd_config.
> Thank you
> Alex
Hi,
In order to do so, you just need to add in /etc/ssh/sshd_config:
    Port 22
    Port 443
Then reload the ssh service.
Fabien
Thank you! And sorry for not re-reading the "man sshd_config"!
I guess, I was too stressed by having to configure my 2nd IP address :-)
Regards
Alex
On 24.01.2012, at 13:23, Alexander Farber wrote:
> I'd like SSHd to keep listening at the_old_ip:22 but also at the_new_ip:443.
# man sshd_config:
    ListenAddress
        Specifies the local addresses sshd should listen on. The following forms may be used:
            ListenAddress host|IPv4_addr|IPv6_addr
            ListenAddress host|IPv4_addr:port
            ListenAddress [host|IPv6_addr]:port
        If port is not specified, sshd will listen on the address and all prior Port options specified. The default is to listen on all local addresses. Multiple ListenAddress options are permitted. Additionally, any Port options must precede this option for non port qualified addresses.
# grep ListenAddress /etc/sshd/sshd_config:
ListenAddress 127.0.0.1:443
ListenAddress 192.168.42.182:22
# netstat -antup | grep sshd
tcp 0 0 192.168.42.182:22 0.0.0.0:* LISTEN 31585/sshd
tcp 0 0 127.0.0.1:443 0.0.0.0:* LISTEN 31585/sshd
Best regards,
Peter.
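The ListenAddress rule quoted from the man page above, as an added example that is not part of the original thread: a shell model that resolves which address:port pairs an sshd_config asks for and flags any that overlap a socket another service already holds. The addresses 192.0.2.10 (standing in for the_old_ip) and 192.0.2.20 (the_new_ip) and the function names are constructed for illustration, and only IPv4 forms are modelled.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed:
# 192.0.2.10 stands in for the_old_ip, 192.0.2.20 for the_new_ip.

# Read an sshd_config on stdin; print one "address:port" per listener,
# following the ListenAddress rule quoted from man sshd_config (IPv4 only).
effective_listeners() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    { key = tolower($1); val = $2 }            # keywords are case-insensitive
    key == "port" { ports[++np] = val; next }
    key == "listenaddress" {
        seen = 1
        if (val ~ /^[^:]+:[0-9]+$/) {
            print val                          # port-qualified: used as written
        } else {
            if (np == 0) print val ":22"       # no prior Port option: default 22
            for (i = 1; i <= np; i++) print val ":" ports[i]
        }
    }
    END {
        if (!seen) {                           # no ListenAddress: all local addresses
            if (np == 0) print "0.0.0.0:22"
            for (i = 1; i <= np; i++) print "0.0.0.0:" ports[i]
        }
    }'
}

# Read listeners on stdin; print those that overlap a socket already bound by
# another service (arguments are "address:port"). 0.0.0.0 overlaps any address.
colliding() {
    awk -F: -v taken="$*" '
    BEGIN { n = split(taken, t, " ") }
    { for (i = 1; i <= n; i++) {
          split(t[i], s, ":")
          if ($2 == s[2] && ($1 == s[1] || $1 == "0.0.0.0" || s[1] == "0.0.0.0")) { print; break }
      } }'
}

APACHE='192.0.2.10:443'     # constructed: Apache holds 443 on the_old_ip
PORT_ONLY='Port 22
Port 443'
PER_ADDRESS='ListenAddress 192.0.2.10:22
ListenAddress 192.0.2.20:443'

echo "Port-only config collides on: $(printf '%s\n' "$PORT_ONLY" | effective_listeners | colliding "$APACHE")"
echo "Per-address config collides on: $(printf '%s\n' "$PER_ADDRESS" | effective_listeners | colliding "$APACHE")"
```

The same check also flags the reverse case, where the other service is bound to 0.0.0.0:443 rather than to one address.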
On Tue, 24 Jan 2012, Peter Eckel wrote:
> On 24.01.2012, at 13:23, Alexander Farber wrote:
> > I'd like SSHd to keep listening at the_old_ip:22 but also at the_new_ip:443.
> # man sshd_config:
>     ListenAddress
>         Specifies the local addresses sshd should listen on. The following forms may be used:
>             ListenAddress host|IPv4_addr|IPv6_addr
>             ListenAddress host|IPv4_addr:port
>             ListenAddress [host|IPv6_addr]:port
>         If port is not specified, sshd will listen on the address and all prior Port options specified. The default is to listen on all local addresses. Multiple ListenAddress options are permitted. Additionally, any Port options must precede this option for non port qualified addresses.
> # grep ListenAddress /etc/sshd/sshd_config:
> ListenAddress 127.0.0.1:443
> ListenAddress 192.168.42.182:22
> # netstat -antup | grep sshd
> tcp 0 0 192.168.42.182:22 0.0.0.0:* LISTEN 31585/sshd
> tcp 0 0 127.0.0.1:443 0.0.0.0:* LISTEN 31585/sshd
Don't forget to tell SELinux about the new port sshd is supposed to be listening on. Something like "semanage port -a -t ssh_port_t -p tcp 443" should do it.
To verify what you have set, something like "semanage port -l | grep ssh_port_t" should tell you.
Regards,