1st
SSH usually runs on port 22. As far as determining what port it's running under, it's probably not the best method, but I always just use nmap, i.e. 'nmap localhost'. If you have some IDS in place this will likely make it unhappy though.
3rd
I'm not sure whether SSH itself allows that kind of granularity, but you can easily solve the issue using a firewall. IPFilter is the standard firewall for FreeBSD if I remember right.
For your first question (port number), can you try the following:
Code:
ssh -v localhost
And look for a line like:
Code:
debug1: Connecting to localhost [127.0.0.1] port 22.
For your second question, try the following:
Code:
netstat --inet -a | grep 'ssh'
An output like the following means that it is listening on all interfaces:
Code:
tcp 0 0 *:ssh *:* LISTEN
For your third question, depending on how ssh was compiled, it may use hosts.allow/hosts.deny. Alternatively, you can configure your firewall rules to limit the hosts.
2) I would use nmap from an external computer or a website which does such things (portmapping). If it is blocked... look in your /etc/rc.conf to see if you have a firewall type described and then you can find that and change it to permit access.
3) Edit /etc/ssh/sshd_config and add
Code:
AllowUsers *@10.0.0.1
Replace the IP with the one you want (you can add more by separating them with spaces and wild cards should work as well). With this done, only those users and hosts listed here will be able to log in. It's probably best to use:
Code:
AllowUsers username@ip.add.re.ss
As that will allow only you, and only from that IP.
Here is the relevant section of the man page.
Code:
AllowUsers
This keyword can be followed by a list of user name patterns,
separated by spaces. If specified, login is allowed only for
user names that match one of the patterns. `*' and `?' can be
used as wildcards in the patterns. Only user names are valid; a
numerical user ID is not recognized. By default, login is
allowed for all users. If the pattern takes the form USER@HOST
then USER and HOST are separately checked, restricting logins to
particular users from particular hosts.
Quote:
For your first question (port number), can you try the following:
Code:
ssh -v localhost
And look for a line like:
Code:
debug1: Connecting to localhost [127.0.0.1] port 22.
How would this work if sshd was running on port 23005 (for example)? It wouldn't. This is just the verbose listing but it does provide the port information if the port is the standard one (which we already know is 22).
Quote:
For your second question, try the following:
Code:
netstat --inet -a | grep 'ssh'
An output like the following means that it is listening on all interfaces:
Code:
tcp 0 0 *:ssh *:* LISTEN
These options aren't valid. And, while netstat can be used... this would also only work with the standard port. The *:ssh uses /etc/services to look up the number... if sshd was listening on 666 for example, it would show up as *:doom
1. cat /etc/ssh/sshd_config | grep -i port (look for an uncommented line. 22 is default)
2. telnet serveraddress port (from an outside machine)
3. yes
4. putty or secureshell
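
Added example, not part of any post in this thread: a small sh function that reads an sshd_config and lists the address/port pairs sshd is told to listen on, so the answer does not depend on the default port or on /etc/services names. The function names and the sample config are constructed for illustration; it assumes whitespace-separated "Keyword value" lines and no Include files.

```shell
#!/bin/sh
# Added example (not from the thread): list the address/port pairs that an
# sshd_config asks sshd to listen on, independent of /etc/services names.
# Assumptions: whitespace-separated "Keyword value" lines, no Include files.

sshd_listen_spec() {
    # Reads sshd_config from the named file, or stdin when no file is given.
    awk '
        /^[ \t]*#/ || NF < 2 { next }        # comment, blank or bare keyword
        { kw = tolower($1) }                 # keywords are case-insensitive
        kw == "port"          { ports[++np] = $2 }
        kw == "listenaddress" { addrs[++na] = $2 }
        END {
            if (np == 0) ports[++np] = "22"  # no Port line: default is 22
            if (na == 0) addrs[++na] = "*"   # no ListenAddress: all addresses
            for (i = 1; i <= na; i++) {
                a = addrs[i]
                if (a ~ /^\[.*\]:[0-9]+$/) {         # [addr]:port
                    p = a; sub(/^.*\]:/, "", p)
                    sub(/\]:[0-9]+$/, "", a); sub(/^\[/, "", a)
                    print a, p
                } else if (a ~ /^[^:]+:[0-9]+$/) {   # host:port or IPv4:port
                    split(a, hp, ":"); print hp[1], hp[2]
                } else {                             # address only: every Port
                    sub(/^\[/, "", a); sub(/\]$/, "", a)
                    for (j = 1; j <= np; j++) print a, ports[j]
                }
            }
        }
    ' "$@"
}

# Constructed sample config using the non-standard ports mentioned above.
sample_config() {
    cat <<'EOF'
#Port 22
Port 23005
port 2222
ListenAddress 10.0.0.1
ListenAddress 127.0.0.1:666
AllowUsers admin@10.0.0.1
EOF
}

sample_config | sshd_listen_spec
```

On a real host, pass the path instead, e.g. `sshd_listen_spec /etc/ssh/sshd_config`; `sshd -T` run as root prints the effective configuration and can be used to cross-check the result.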