RE: SSH on Multiple ports Fedora Core 4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sorry, I've never done that...


> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx 
> [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of John Gallagher
> Sent: Monday, November 28, 2005 2:21 PM
> To: 'For users of Fedora Core releases'
> Subject: RE: SSH on Multiple ports Fedora Core 4
> 
> 
> I want it to run on multiple ports but with different 
> options.  The service running on port 5000 will be open for 
> outside connections, RSA only, and no root login.  I want the 
> standard config to also run so that internally you do not 
> need a RSA key and can login as root. 
> 
> John 
> > -----Original Message-----
> > From: fedora-list-bounces@xxxxxxxxxx
> > [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Mark
> > Sent: Monday, November 28, 2005 2:14 PM
> > To: John.Gallagher@xxxxxxxxxxxxxx; 'For users of Fedora 
> Core releases'
> > Subject: RE: SSH on Multiple ports Fedora Core 4
> > 
> > If you just want your sshd to liston on multiple ports,
> > modify your /etc/ssh/sshd_config and add one port directive 
> > for each additional port.
> > By default, it has a line
> > #Port 22
> > 
> > Activate this line and add more for the other ports:
> > 
> > Port 22
> > Port 5000
> > Port 4233
> > Etc.
> > 
> > For more info, try "man sshd_config"
> > 
> > MARK
> > 
> > 
> > > -----Original Message-----
> > > From: fedora-list-bounces@xxxxxxxxxx 
> > > [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of John 
> Gallagher
> > > Sent: Monday, November 28, 2005 1:47 PM
> > > To: fedora-list@xxxxxxxxxx
> > > Subject: SSH on Multiple ports Fedora Core 4
> > > 
> > > 
> > > I have created a separate config file for SSH to run and listen on
> > > another port (for example: 5000 RSA connections only).  I created 
> > > another init script called sshd-ext in /etc/init.d (Minor 
> > > Modifications see file below). I created file to call the 
> > new config
> > > in /etc/sysconfig/sshd-ext.
> > > 
> > > All seems to work fine except I get errors in the security logs.
> > > Which I have seen from others post on the Fedora forum.
> > > 
> > > Nov 28 12:26:58 vpn sshd[26691]: error: Bind to port 5000
> > on 0.0.0.0
> > > failed: Address already in use. Nov 28 12:35:42 vpn
> > > sshd[26691]: Received signal 15; terminating.
> > > 
> > > I edited the conf file and specified the IP Address of the
> > interface
> > > to use for this config:
> > > 
> > > Port 5000
> > > #Protocol 2,1
> > > ListenAddress 10.200.16.10
> > > #ListenAddress 0.0.0.0
> > > #ListenAddress ::
> > > 
> > > I verified the original sshd_confid was only listening on
> > 0.0.0.0 and
> > > not ::
> > > 
> > > The problem is ssh seems to use the same PID for both 
> processes and
> > > always wants to bind on port 22 for some reason.  If I 
> > restart one of
> > > the processes it can and sometimes does kill the other process.
> > > 
> > > service sshd restart will kill the process started as sshd-ext.
> > >  
> > > I also run the same config on FC1 and I have do not have
> > these issues.
> > >  
> > > See version and intit scripts below:
> > > 
> > > [root@vpn root]# rpm -qa |grep ssh openssh-askpass-3.6.1p2-34
> > > openssh-3.6.1p2-34
> > > openssh-clients-3.6.1p2-34
> > > openssh-askpass-gnome-3.6.1p2-34
> > > openssh-server-3.6.1p2-34
> > > [root@vpn root]#
> > > 
> > > [root@vpn root]# cat /etc/init.d/sshd-ext #!/bin/bash # # 
> Init file
> > > for OpenSSH server daemon # # chkconfig: 2345 55 25 # 
> description: 
> > > OpenSSH server daemon # # processname: sshd # config: 
> > > /etc/ssh/ssh_host_key # config: /etc/ssh/ssh_host_key.pub 
> # config: 
> > > /etc/ssh/ssh_random_seed # config: /etc/ssh/sshd_config # 
> pidfile: 
> > > /var/run/sshd-ext.pid
> > > 
> > > # source function library
> > > . /etc/rc.d/init.d/functions
> > > 
> > > # pull in sysconfig settings
> > > [ -f /etc/sysconfig/sshd-ext ] && . /etc/sysconfig/sshd-ext
> > > 
> > > RETVAL=0
> > > prog="sshd"
> > > 
> > > # Some functions to make the below more readable
> > > KEYGEN=/usr/bin/ssh-keygen SSHD=/usr/sbin/sshd 
> > > RSA1_KEY=/etc/ssh/ssh_host_key RSA_KEY=/etc/ssh/ssh_host_rsa_key 
> > > DSA_KEY=/etc/ssh/ssh_host_dsa_key PID_FILE=/var/run/sshd-ext.pid
> > > 
> > > do_rsa1_keygen() {
> > >         if [ ! -s $RSA1_KEY ]; then
> > >                 echo -n $"Generating SSH1 RSA host key: "
> > >                 if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N ''
> > > >&/dev/null; then
> > >                         chmod 600 $RSA1_KEY
> > >                         chmod 644 $RSA1_KEY.pub
> > >                         success $"RSA1 key generation"
> > >                         echo
> > >                 else
> > >                         failure $"RSA1 key generation"
> > >                         echo
> > >                         exit 1
> > >                 fi
> > >         fi
> > > }
> > > 
> > > do_rsa_keygen() {
> > >         if [ ! -s $RSA_KEY ]; then
> > >                 echo -n $"Generating SSH2 RSA host key: "
> > >                 if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N ''
> > > >&/dev/null; then
> > >                         chmod 600 $RSA_KEY
> > >                         chmod 644 $RSA_KEY.pub
> > >                         success $"RSA key generation"
> > >                         echo
> > >                 else
> > >                         failure $"RSA key generation"
> > >                         echo
> > >                         exit 1
> > >                 fi
> > >         fi
> > > }
> > > 
> > > do_dsa_keygen() {
> > >         if [ ! -s $DSA_KEY ]; then
> > >                 echo -n $"Generating SSH2 DSA host key: "
> > >                 if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N ''
> > > >&/dev/null; then
> > >                         chmod 600 $DSA_KEY
> > >                         chmod 644 $DSA_KEY.pub
> > >                         success $"DSA key generation"
> > >                         echo
> > >                 else
> > >                         failure $"DSA key generation"
> > >                         echo
> > >                         exit 1
> > >                 fi
> > >         fi
> > > }
> > > 
> > > do_restart_sanity_check()
> > > {
> > >         $SSHD -t
> > >         RETVAL=$?
> > >         if [ ! "$RETVAL" = 0 ]; then
> > >                 failure $"Configuration file or keys are invalid"
> > >                 echo
> > >         fi
> > > }
> > > 
> > > start()
> > > {
> > >         # Create keys if necessary
> > >         do_rsa1_keygen
> > >         do_rsa_keygen
> > >         do_dsa_keygen
> > > 
> > >         echo -n $"Starting $prog:"
> > >         initlog -c "$SSHD $OPTIONS" && success || failure
> > >         RETVAL=$?
> > >         [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd-ext
> > >         echo
> > > }
> > > 
> > > stop()
> > > {
> > >         echo -n $"Stopping $prog:"
> > >         killproc $SSHD -TERM
> > >         RETVAL=$?
> > >         [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd-ext
> > >         echo
> > > }
> > > 
> > > reload()
> > > {
> > >         echo -n $"Reloading $prog:"
> > >         killproc $SSHD -HUP
> > >         RETVAL=$?
> > >         echo
> > > }
> > > 
> > > case "$1" in
> > >         start)
> > >                 start
> > >                 ;;
> > >         stop)
> > >                 stop
> > >                 ;;
> > >         restart)
> > >                 stop
> > >                 start
> > >                 ;;
> > >         reload)
> > >                 reload
> > >                 ;;
> > >         condrestart)
> > >                 if [ -f /var/lock/subsys/sshd-ext ] ; then
> > >                         do_restart_sanity_check
> > >                         if [ "$RETVAL" = 0 ] ; then
> > >                                 stop
> > >                                 # avoid race
> > >                                 sleep 3
> > >                                 start
> > >                         fi
> > >                 fi
> > >                 ;;
> > >         status)
> > >                 status $SSHD
> > >                 RETVAL=$?
> > >                 ;;
> > >         *)
> > >                 echo $"Usage: $0 
> > > {start|stop|restart|reload|condrestart|status}"
> > >                 RETVAL=1
> > > esac
> > > exit $RETVAL
> > > [root@vpn root]#
> > >  
> > > 
> > > --
> > > fedora-list mailing list
> > > fedora-list@xxxxxxxxxx
> > > To unsubscribe: 
> https://www.redhat.com/mailman/listinfo/fedora-list
> > > 
> > 
> > --
> > fedora-list mailing list
> > fedora-list@xxxxxxxxxx
> > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> > 
> 
> -- 
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> 


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux