[CentOS] Security advice, please

Mon Mar 23 18:59:51 UTC 2009
Steve Huff <shuff at vecna.org>

On Mar 23, 2009, at 2:37 PM, Anne Wilson wrote:

> OK - I'm thick.  I've looked at that page and seen only what I'm  
> already
> familiar with.  Please, in plain English, how do I set ssh to come  
> in on port
> 22022 (service called ext-ssh already set up for that) to be  
> forwarded to
> 192.168.0.xx port 22?


Anne,

if the router really isn't making it easy for you to forward from port  
22022 to port 22, you could also solve this problem by having sshd  
listen on port 22022 on the server.  do this by editing /etc/ssh/ 
sshd_config such that the following two lines *both* appear before any  
ListenAddress specification:

Port 22
Port 22022

if you're running a software firewall on the host, make sure you poke  
a hole so that traffic can pass from the router to port 22022 on the  
server.  then configure the router to forward from external port 22022  
to internal port 22022, and you're done.

-steve

--
If this were played upon a stage now, I could condemn it as an  
improbable fiction. - Fabian, Twelfth Night, III,v



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2209 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20090323/3f5c81ae/attachment-0005.p7s>