[colug-432] SSH

Steve VanSlyck s.vanslyck at spamcop.net
Thu Mar 10 06:30:05 EST 2011


I changed the port number from 22 to something else. I'm simply using
31210 as an example. I did restart ssh. The command was service sshd
restart. (The OS is CentOS 5.5.)

The changed port number was used in the client. I tested both from
across town (with the updated port number) and from somewhere else on
the planet, via an IRC friend.

An incorrect port number was the first thing I assumed, so I changed it
back (in ssh_config, sshd_config, and on the router) and got the same
result. My initial thinking is to take the router out of the mix since
it's working inside 192.168.X.X but not from outside.


On Wed, 2011-03-09 at 20:17 -0600, Richard Hornsby wrote:
> On Mar 9, 2011, at 19:51 , Steve VanSlyck wrote:
> 
> > Well, I can ssh from the same box, and ssh from a box on the same
> > network, but cannot ssh from across town. The session times out.
> > 
> > Port forwarding is set up on the router (Linksys). Using fake port
> > numbers,
> 
> "fake port numbers"?  port numbers matter, and unlike IP addresses, don't personally identify your machine.  22 is the normal port for SSH, it is listed in /etc/services, and is considered "well-known" for SSH.  Are the port numbers in your email fake?
> 
> If you wish to change the port, that is your prerogative.  There are a couple of things I can think of off hand:
> 
> 1. After changing sshd_config, make sure you restart sshd.  IIRC (it has been a while) on RH variants it is something like
> 
> /etc/init.d/rc.d/sshd restart
> 
> (oh how I miss the days of sending a process a simple HUP to make it re-read the config.)
> 
> 2. You have to specify a non-standard port in your ssh client.  It might be that you're able to log in locally because your client assumes 22, and you haven't restarted sshd yet.  When you try to get in externally, the port forwarding isn't configured for 22 - it is set up for 31210 - but again, sshd isn't listening on 31210.
> 
> 
> These might be obvious, and they're related.
> 
> If for some reason you want ssh to be on a non-standard port on the external facing side, you can always tell your router to port forward external:31210 to internal:22
> 
> I, however, wouldn't go changing it from 22 in the first place.  Just makes things harder on myself and doesn't add any meaningful measure of security.
> 
> -rj
> 
> 
> 
> > 
> > I have sshd_config set to port 31210, ssh_config set to the same thing,
> > and the applications and gaming page on the router forwards port 31210
> > (same number for both start and end of the range) to IP 192.168.1.102,
> > which ifconfig reports as being the box's internal IP address:
> > 
> > [steve@localhost ~]$ ifconfig
> > eth0      Link encap:Ethernet  HWaddr 00:11:85:65:41:38  
> >          inet addr:192.168.1.102  Bcast:192.168.1.255  Mask:255.255.255.0
> >          inet6 addr: fe80::211:85ff:fe65:4138/64 Scope:Link
> >          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >          RX packets:7360 errors:0 dropped:0 overruns:0 frame:0
> >          TX packets:9076 errors:0 dropped:0 overruns:0 carrier:0
> >          collisions:0 txqueuelen:1000 
> >          RX bytes:6045785 (5.7 MiB)  TX bytes:1255649 (1.1 MiB)
> >          Interrupt:177 Memory:f0300000-f0310000 
> > 
> > lo        Link encap:Local Loopback  
> >          inet addr:127.0.0.1  Mask:255.0.0.0
> >          inet6 addr: ::1/128 Scope:Host
> >          UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >          RX packets:1431 errors:0 dropped:0 overruns:0 frame:0
> >          TX packets:1431 errors:0 dropped:0 overruns:0 carrier:0
> >          collisions:0 txqueuelen:0 
> >          RX bytes:2303832 (2.1 MiB)  TX bytes:2303832 (2.1 MiB)
> > 
> > [steve@localhost ~]$
> > 
> > Ideas or thoughts?
> > 
> > 
> > _______________________________________________
> > colug-432 mailing list
> > colug-432 at colug.net
> > http://lists.colug.net/mailman/listinfo/colug-432
> 
> 
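An added example, not part of either message: a shell check of the three places the thread says must agree, namely the Port line in sshd_config, the port the running sshd is actually listening on, and the internal port the router forwards to. The function names and sample listings are constructed for illustration; on the server the inputs would be the contents of /etc/ssh/sshd_config and the output of netstat -tln.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# Ports sshd is configured for (stdin: sshd_config text).
# sshd falls back to 22 when no Port line is set; commented lines are ignored.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 } END { if (!found) print 22 }'
}

# Local addresses listening on TCP port $1 (stdin: `netstat -tln` output).
listen_addrs() {
    awk -v p="$1" '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); if (a[n] == p) print $4 }'
}

# $1 = sshd_config text, $2 = netstat -tln text, $3 = internal port the router forwards to.
check_forward() {
    if ! printf '%s\n' "$1" | sshd_ports | grep -qx "$3"; then
        echo "config-mismatch"      # sshd_config does not name the forwarded port
        return 0
    fi
    addrs=$(printf '%s\n' "$2" | listen_addrs "$3")
    if [ -z "$addrs" ]; then
        echo "not-listening"        # config edited, but the running sshd is on another port
    elif printf '%s\n' "$addrs" | grep -qv -e '^127\.' -e '^::1:'; then
        echo "listening"            # host side is consistent; check the router or upstream next
    else
        echo "loopback-only"        # bound to localhost, reachable from the box itself only
    fi
}

# Constructed sample: the configuration the thread describes.
SAMPLE_CFG='#Port 22
Port 31210
Protocol 2'
# Constructed `netstat -tln` listings: before and after `service sshd restart`.
NETSTAT_STALE='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 :::22             :::*              LISTEN'
NETSTAT_FRESH='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 :::31210          :::*              LISTEN'

check_forward "$SAMPLE_CFG" "$NETSTAT_STALE" 31210
check_forward "$SAMPLE_CFG" "$NETSTAT_FRESH" 31210
```

A "listening" verdict with the session still timing out from outside means the host side agrees with the forward and the remaining suspects are the router rule and anything upstream of it.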


