Sorry, I've never done that...

> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx
> [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of John Gallagher
> Sent: Monday, November 28, 2005 2:21 PM
> To: 'For users of Fedora Core releases'
> Subject: RE: SSH on Multiple ports Fedora Core 4
>
> I want it to run on multiple ports but with different options. The
> service running on port 5000 will be open for outside connections,
> RSA only, and no root login. I want the standard config to also run
> so that internally you do not need an RSA key and can login as root.
>
> John
>
> > -----Original Message-----
> > From: fedora-list-bounces@xxxxxxxxxx
> > [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Mark
> > Sent: Monday, November 28, 2005 2:14 PM
> > To: John.Gallagher@xxxxxxxxxxxxxx; 'For users of Fedora Core releases'
> > Subject: RE: SSH on Multiple ports Fedora Core 4
> >
> > If you just want your sshd to listen on multiple ports, modify your
> > /etc/ssh/sshd_config and add one port directive for each additional
> > port.
> > By default, it has a line
> > #Port 22
> >
> > Activate this line and add more for the other ports:
> >
> > Port 22
> > Port 5000
> > Port 4233
> > Etc.
> >
> > For more info, try "man sshd_config"
> >
> > MARK
> >
> > > -----Original Message-----
> > > From: fedora-list-bounces@xxxxxxxxxx
> > > [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of John Gallagher
> > > Sent: Monday, November 28, 2005 1:47 PM
> > > To: fedora-list@xxxxxxxxxx
> > > Subject: SSH on Multiple ports Fedora Core 4
> > >
> > > I have created a separate config file for SSH to run and listen on
> > > another port (for example: 5000 RSA connections only). I created
> > > another init script called sshd-ext in /etc/init.d (Minor
> > > Modifications see file below). I created a file to call the new
> > > config in /etc/sysconfig/sshd-ext.
> > >
> > > All seems to work fine except I get errors in the security logs.
> > > Which I have seen from others' posts on the Fedora forum.
> > >
> > > Nov 28 12:26:58 vpn sshd[26691]: error: Bind to port 5000 on 0.0.0.0 failed: Address already in use.
> > > Nov 28 12:35:42 vpn sshd[26691]: Received signal 15; terminating.
> > >
> > > I edited the conf file and specified the IP Address of the
> > > interface to use for this config:
> > >
> > > Port 5000
> > > #Protocol 2,1
> > > ListenAddress 10.200.16.10
> > > #ListenAddress 0.0.0.0
> > > #ListenAddress ::
> > >
> > > I verified the original sshd_config was only listening on 0.0.0.0
> > > and not ::
> > >
> > > The problem is ssh seems to use the same PID for both processes and
> > > always wants to bind on port 22 for some reason. If I restart one
> > > of the processes it can and sometimes does kill the other process.
> > >
> > > service sshd restart will kill the process started as sshd-ext.
> > >
> > > I also run the same config on FC1 and I do not have these issues.
> > >
> > > See version and init scripts below:
> > >
> > > [root@vpn root]# rpm -qa |grep ssh
> > > openssh-askpass-3.6.1p2-34
> > > openssh-3.6.1p2-34
> > > openssh-clients-3.6.1p2-34
> > > openssh-askpass-gnome-3.6.1p2-34
> > > openssh-server-3.6.1p2-34
> > > [root@vpn root]#
> > >
> > > [root@vpn root]# cat /etc/init.d/sshd-ext
> > > #!/bin/bash
> > > #
> > > # Init file for OpenSSH server daemon
> > > #
> > > # chkconfig: 2345 55 25
> > > # description: OpenSSH server daemon
> > > #
> > > # processname: sshd
> > > # config: /etc/ssh/ssh_host_key
> > > # config: /etc/ssh/ssh_host_key.pub
> > > # config: /etc/ssh/ssh_random_seed
> > > # config: /etc/ssh/sshd_config
> > > # pidfile: /var/run/sshd-ext.pid
> > >
> > > # source function library
> > > . /etc/rc.d/init.d/functions
> > >
> > > # pull in sysconfig settings
> > > [ -f /etc/sysconfig/sshd-ext ] && . /etc/sysconfig/sshd-ext
> > >
> > > RETVAL=0
> > > prog="sshd"
> > >
> > > # Some functions to make the below more readable
> > > KEYGEN=/usr/bin/ssh-keygen
> > > SSHD=/usr/sbin/sshd
> > > RSA1_KEY=/etc/ssh/ssh_host_key
> > > RSA_KEY=/etc/ssh/ssh_host_rsa_key
> > > DSA_KEY=/etc/ssh/ssh_host_dsa_key
> > > PID_FILE=/var/run/sshd-ext.pid
> > >
> > > do_rsa1_keygen() {
> > >     if [ ! -s $RSA1_KEY ]; then
> > >         echo -n $"Generating SSH1 RSA host key: "
> > >         if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
> > >             chmod 600 $RSA1_KEY
> > >             chmod 644 $RSA1_KEY.pub
> > >             success $"RSA1 key generation"
> > >             echo
> > >         else
> > >             failure $"RSA1 key generation"
> > >             echo
> > >             exit 1
> > >         fi
> > >     fi
> > > }
> > >
> > > do_rsa_keygen() {
> > >     if [ ! -s $RSA_KEY ]; then
> > >         echo -n $"Generating SSH2 RSA host key: "
> > >         if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
> > >             chmod 600 $RSA_KEY
> > >             chmod 644 $RSA_KEY.pub
> > >             success $"RSA key generation"
> > >             echo
> > >         else
> > >             failure $"RSA key generation"
> > >             echo
> > >             exit 1
> > >         fi
> > >     fi
> > > }
> > >
> > > do_dsa_keygen() {
> > >     if [ ! -s $DSA_KEY ]; then
> > >         echo -n $"Generating SSH2 DSA host key: "
> > >         if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
> > >             chmod 600 $DSA_KEY
> > >             chmod 644 $DSA_KEY.pub
> > >             success $"DSA key generation"
> > >             echo
> > >         else
> > >             failure $"DSA key generation"
> > >             echo
> > >             exit 1
> > >         fi
> > >     fi
> > > }
> > >
> > > do_restart_sanity_check()
> > > {
> > >     $SSHD -t
> > >     RETVAL=$?
> > >     if [ ! "$RETVAL" = 0 ]; then
> > >         failure $"Configuration file or keys are invalid"
> > >         echo
> > >     fi
> > > }
> > >
> > > start()
> > > {
> > >     # Create keys if necessary
> > >     do_rsa1_keygen
> > >     do_rsa_keygen
> > >     do_dsa_keygen
> > >
> > >     echo -n $"Starting $prog:"
> > >     initlog -c "$SSHD $OPTIONS" && success || failure
> > >     RETVAL=$?
> > >     [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd-ext
> > >     echo
> > > }
> > >
> > > stop()
> > > {
> > >     echo -n $"Stopping $prog:"
> > >     killproc $SSHD -TERM
> > >     RETVAL=$?
> > >     [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd-ext
> > >     echo
> > > }
> > >
> > > reload()
> > > {
> > >     echo -n $"Reloading $prog:"
> > >     killproc $SSHD -HUP
> > >     RETVAL=$?
> > >     echo
> > > }
> > >
> > > case "$1" in
> > >     start)
> > >         start
> > >         ;;
> > >     stop)
> > >         stop
> > >         ;;
> > >     restart)
> > >         stop
> > >         start
> > >         ;;
> > >     reload)
> > >         reload
> > >         ;;
> > >     condrestart)
> > >         if [ -f /var/lock/subsys/sshd-ext ] ; then
> > >             do_restart_sanity_check
> > >             if [ "$RETVAL" = 0 ] ; then
> > >                 stop
> > >                 # avoid race
> > >                 sleep 3
> > >                 start
> > >             fi
> > >         fi
> > >         ;;
> > >     status)
> > >         status $SSHD
> > >         RETVAL=$?
> > >         ;;
> > >     *)
> > >         echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
> > >         RETVAL=1
> > > esac
> > > exit $RETVAL
> > > [root@vpn root]#
> > >
> > > --
> > > fedora-list mailing list
> > > fedora-list@xxxxxxxxxx
> > > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
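Added example, not part of the original thread or of the Fedora init scripts: a small lint that compares two sshd_config files for the two collisions discussed above, overlapping listen sockets and a shared PidFile. It assumes IPv4 only, ListenAddress entries without a ":port" suffix, and the OpenSSH defaults of Port 22, ListenAddress 0.0.0.0 and PidFile /var/run/sshd.pid; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint two sshd_config files for bind and PidFile collisions.
# Assumed defaults: Port 22, ListenAddress 0.0.0.0, PidFile /var/run/sshd.pid.

# cfg_get FILE KEYWORD DEFAULT: active values of a keyword (case-insensitive),
# skipping commented lines; prints DEFAULT when the keyword is not set.
cfg_get() {
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { print $2; n++ }
        END { if (!n) print d }' "$1"
}

# listeners FILE: every addr:port pair the daemon would try to bind.
listeners() {
    for a in $(cfg_get "$1" ListenAddress 0.0.0.0); do
        for p in $(cfg_get "$1" Port 22); do echo "$a:$p"; done
    done
}

# check_pair FILE_A FILE_B: print one line per collision, nothing if clean.
check_pair() {
    pa=$(cfg_get "$1" PidFile /var/run/sshd.pid)
    pb=$(cfg_get "$2" PidFile /var/run/sshd.pid)
    if [ "$pa" = "$pb" ]; then echo "pidfile collision: both use $pa"; fi
    for x in $(listeners "$1"); do
        for y in $(listeners "$2"); do
            [ "${x##*:}" = "${y##*:}" ] || continue   # different port: no clash
            ax=${x%:*}; ay=${y%:*}
            # Same address, or a wildcard on either side, claims the same socket.
            if [ "$ax" = "$ay" ] || [ "$ax" = 0.0.0.0 ] || [ "$ay" = 0.0.0.0 ]; then
                echo "bind collision: $x overlaps $y"
            fi
        done
    done
    return 0
}

# Constructed sample configs (not taken from the poster's host).
d=$(mktemp -d)
printf '#Port 22\nPermitRootLogin yes\n' > "$d/main"
printf 'Port 22\nPort 5000\n' > "$d/main_multi"
printf 'Port 5000\nListenAddress 10.200.16.10\n' > "$d/ext"
printf 'Port 5000\nListenAddress 10.200.16.10\nPidFile /var/run/sshd-ext.pid\nPermitRootLogin no\nPasswordAuthentication no\n' > "$d/ext_fixed"

check_pair "$d/main" "$d/ext"          # shared default PidFile
check_pair "$d/main_multi" "$d/ext"    # shared PidFile and port 5000 overlap
check_pair "$d/main" "$d/ext_fixed"    # clean: prints nothing
```

Once each instance writes its own PidFile, its init script can signal the PID recorded in that file rather than matching on the sshd process name.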