I want it to run on multiple ports but with different options. The service running on port 5000 will be open for outside connections, RSA only, and no root login. I want the standard config to also run so that internally you do not need an RSA key and can log in as root.

John

> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx
> [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Mark
> Sent: Monday, November 28, 2005 2:14 PM
> To: John.Gallagher@xxxxxxxxxxxxxx; 'For users of Fedora Core releases'
> Subject: RE: SSH on Multiple ports Fedora Core 4
>
> If you just want your sshd to listen on multiple ports, modify your
> /etc/ssh/sshd_config and add one port directive for each additional port.
> By default, it has a line
> #Port 22
>
> Activate this line and add more for the other ports:
>
> Port 22
> Port 5000
> Port 4233
> Etc.
>
> For more info, try "man sshd_config"
>
> MARK
>
> > -----Original Message-----
> > From: fedora-list-bounces@xxxxxxxxxx
> > [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of John Gallagher
> > Sent: Monday, November 28, 2005 1:47 PM
> > To: fedora-list@xxxxxxxxxx
> > Subject: SSH on Multiple ports Fedora Core 4
> >
> > I have created a separate config file for SSH to run and listen on
> > another port (for example: 5000, RSA connections only). I created
> > another init script called sshd-ext in /etc/init.d (minor
> > modifications, see file below). I created a file to call the new config
> > in /etc/sysconfig/sshd-ext.
> >
> > All seems to work fine except I get errors in the security logs,
> > which I have seen in others' posts on the Fedora forum.
> >
> > Nov 28 12:26:58 vpn sshd[26691]: error: Bind to port 5000 on 0.0.0.0 failed: Address already in use.
> > Nov 28 12:35:42 vpn sshd[26691]: Received signal 15; terminating.
> >
> > I edited the conf file and specified the IP address of the interface
> > to use for this config:
> >
> > Port 5000
> > #Protocol 2,1
> > ListenAddress 10.200.16.10
> > #ListenAddress 0.0.0.0
> > #ListenAddress ::
> >
> > I verified the original sshd_config was only listening on 0.0.0.0 and
> > not ::
> >
> > The problem is ssh seems to use the same PID for both processes and
> > always wants to bind on port 22 for some reason. If I restart one of
> > the processes it can and sometimes does kill the other process.
> >
> > service sshd restart will kill the process started as sshd-ext.
> >
> > I also run the same config on FC1 and I do not have these issues.
> >
> > See version and init scripts below:
> >
> > [root@vpn root]# rpm -qa |grep ssh
> > openssh-askpass-3.6.1p2-34
> > openssh-3.6.1p2-34
> > openssh-clients-3.6.1p2-34
> > openssh-askpass-gnome-3.6.1p2-34
> > openssh-server-3.6.1p2-34
> > [root@vpn root]#
> >
> > [root@vpn root]# cat /etc/init.d/sshd-ext
> > #!/bin/bash
> > #
> > # Init file for OpenSSH server daemon
> > #
> > # chkconfig: 2345 55 25
> > # description: OpenSSH server daemon
> > #
> > # processname: sshd
> > # config: /etc/ssh/ssh_host_key
> > # config: /etc/ssh/ssh_host_key.pub
> > # config: /etc/ssh/ssh_random_seed
> > # config: /etc/ssh/sshd_config
> > # pidfile: /var/run/sshd-ext.pid
> >
> > # source function library
> > . /etc/rc.d/init.d/functions
> >
> > # pull in sysconfig settings
> > [ -f /etc/sysconfig/sshd-ext ] && . /etc/sysconfig/sshd-ext
> >
> > RETVAL=0
> > prog="sshd"
> >
> > # Some functions to make the below more readable
> > KEYGEN=/usr/bin/ssh-keygen
> > SSHD=/usr/sbin/sshd
> > RSA1_KEY=/etc/ssh/ssh_host_key
> > RSA_KEY=/etc/ssh/ssh_host_rsa_key
> > DSA_KEY=/etc/ssh/ssh_host_dsa_key
> > PID_FILE=/var/run/sshd-ext.pid
> >
> > do_rsa1_keygen() {
> >     if [ ! -s $RSA1_KEY ]; then
> >         echo -n $"Generating SSH1 RSA host key: "
> >         if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
> >             chmod 600 $RSA1_KEY
> >             chmod 644 $RSA1_KEY.pub
> >             success $"RSA1 key generation"
> >             echo
> >         else
> >             failure $"RSA1 key generation"
> >             echo
> >             exit 1
> >         fi
> >     fi
> > }
> >
> > do_rsa_keygen() {
> >     if [ ! -s $RSA_KEY ]; then
> >         echo -n $"Generating SSH2 RSA host key: "
> >         if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
> >             chmod 600 $RSA_KEY
> >             chmod 644 $RSA_KEY.pub
> >             success $"RSA key generation"
> >             echo
> >         else
> >             failure $"RSA key generation"
> >             echo
> >             exit 1
> >         fi
> >     fi
> > }
> >
> > do_dsa_keygen() {
> >     if [ ! -s $DSA_KEY ]; then
> >         echo -n $"Generating SSH2 DSA host key: "
> >         if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
> >             chmod 600 $DSA_KEY
> >             chmod 644 $DSA_KEY.pub
> >             success $"DSA key generation"
> >             echo
> >         else
> >             failure $"DSA key generation"
> >             echo
> >             exit 1
> >         fi
> >     fi
> > }
> >
> > do_restart_sanity_check()
> > {
> >     $SSHD -t
> >     RETVAL=$?
> >     if [ ! "$RETVAL" = 0 ]; then
> >         failure $"Configuration file or keys are invalid"
> >         echo
> >     fi
> > }
> >
> > start()
> > {
> >     # Create keys if necessary
> >     do_rsa1_keygen
> >     do_rsa_keygen
> >     do_dsa_keygen
> >
> >     echo -n $"Starting $prog:"
> >     initlog -c "$SSHD $OPTIONS" && success || failure
> >     RETVAL=$?
> >     [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd-ext
> >     echo
> > }
> >
> > stop()
> > {
> >     echo -n $"Stopping $prog:"
> >     killproc $SSHD -TERM
> >     RETVAL=$?
> >     [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd-ext
> >     echo
> > }
> >
> > reload()
> > {
> >     echo -n $"Reloading $prog:"
> >     killproc $SSHD -HUP
> >     RETVAL=$?
> >     echo
> > }
> >
> > case "$1" in
> >     start)
> >         start
> >         ;;
> >     stop)
> >         stop
> >         ;;
> >     restart)
> >         stop
> >         start
> >         ;;
> >     reload)
> >         reload
> >         ;;
> >     condrestart)
> >         if [ -f /var/lock/subsys/sshd-ext ] ; then
> >             do_restart_sanity_check
> >             if [ "$RETVAL" = 0 ] ; then
> >                 stop
> >                 # avoid race
> >                 sleep 3
> >                 start
> >             fi
> >         fi
> >         ;;
> >     status)
> >         status $SSHD
> >         RETVAL=$?
> >         ;;
> >     *)
> >         echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
> >         RETVAL=1
> > esac
> > exit $RETVAL
> > [root@vpn root]#
> >
> > --
> > fedora-list mailing list
> > fedora-list@xxxxxxxxxx
> > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
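
As an added example (not part of the thread and not Fedora's own tooling): a small check for two places where separate sshd instances can collide, the PidFile and the listen sockets. The sample config contents and file names are constructed, and the check is simplified to IPv4 and to ListenAddress values without a port.

```shell
#!/bin/sh
# Added example: find settings that make two sshd instances collide.
# Simplified: IPv4 only, no "ListenAddress host:port" form.

values() {  # values FILE KEYWORD DEFAULT -> every value set, else DEFAULT
    awk -v k="$2" -v d="$3" '
        tolower($1) == tolower(k) { print $2; n++ }
        END { if (!n) print d }' "$1"
}

check_pair() {  # check_pair CONF_A CONF_B -> one "CONFLICT ..." line per finding
    # sshd uses the first PidFile value; /var/run/sshd.pid is the documented default
    pa=$(values "$1" PidFile /var/run/sshd.pid | head -n 1)
    pb=$(values "$2" PidFile /var/run/sshd.pid | head -n 1)
    if [ "$pa" = "$pb" ]; then
        echo "CONFLICT pidfile $pa"
    fi
    for port in $(values "$1" Port 22); do
        values "$2" Port 22 | grep -qxF "$port" || continue
        for la in $(values "$1" ListenAddress 0.0.0.0); do
            for lb in $(values "$2" ListenAddress 0.0.0.0); do
                # same port collides when either side is the wildcard or both match
                if [ "$la" = "$lb" ] || [ "$la" = 0.0.0.0 ] || [ "$lb" = 0.0.0.0 ]; then
                    echo "CONFLICT listen $la:$port vs $lb:$port"
                fi
            done
        done
    done
    return 0
}

# Constructed sample configs modelled on the setup described in the thread.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#Port 22' '#ListenAddress 0.0.0.0' 'PermitRootLogin yes' > "$demo/sshd_config"
printf '%s\n' 'Port 5000' 'ListenAddress 10.200.16.10' 'PermitRootLogin no' \
    'PasswordAuthentication no' > "$demo/ext_shared_pid"
{ cat "$demo/ext_shared_pid"; echo 'PidFile /var/run/sshd-ext.pid'; } > "$demo/ext_own_pid"
printf '%s\n' 'Port 22' 'Port 5000' > "$demo/multi_port"

echo "internal vs external, no PidFile set:"
check_pair "$demo/sshd_config" "$demo/ext_shared_pid"
echo "internal vs external, own PidFile:"
check_pair "$demo/sshd_config" "$demo/ext_own_pid"
echo "internal with 'Port 22' + 'Port 5000' vs external:"
check_pair "$demo/multi_port" "$demo/ext_own_pid"
```

Each config file is only half of the picture: an init script that signals the daemon by binary name rather than by that instance's PID file will still affect every sshd on the host.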