First off, port 80 is for websites, and 21 is for FTP. Port 22 is for ssh. You can go in the ssh.conf file and set it to listen at any port you choose, but using a port that is assigned can lead to weird events. How does your ssh server deal with a request from a web browser? It should just refuse it, but you never know.
With a firewall, particularly a good hardware firewall, you could direct traffic from a given IP address (the one user) headed to port 80 or 21 to port 22 on the machine.
Also, what do you mean by only one user? Is there only one user on the machine, or do you only want one person of the several with accounts on it to have access to it?
Right you are my friend, just to clear things out, I know 80 is for http, I have a friend that can only access the 80 port from where he connects to the internet and I want him to be able to connect remotely on my machine (on port 22).
About that firewall, I have only my Linux to use, how can I configure it right?
1) Edit /etc/ssh/sshd_config. Take the line that says
# What ports, IPs and protocols we listen for
and turn the 22 into 80. Then restart sshd.
2) That means you have ssh listening on 80, so if you run any webpages off of this box, you need to move them to some port other than 80.
3) For you, your friend, or anyone else to connect, you need to pass a port to the ssh client. That command should look like
ssh -p 80 your.ip.address.or.domainname
For the sake of security, make sure you don't allow root to ssh in (force users to log in as users then use su to elevate). Allowing root in directly is a major security hole, as all the script kiddies try to ssh as root. You may also want to use the authorized_keys file to allow access, and once you get the key from your friend, change the sshd_config again so that password authentication is disabled. That way nobody can get in except your friend. The way to set up such keys is covered on this page, close to the top with the title "How do I setup OpenSSH". Don't do it as root or backuppc as the article says, have your friend do it as the username he has on your machine. http://backuppc.sourceforge.net/faq/ssh.html
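A way to check that the two sshd_config settings recommended in the post above are actually in effect, as an added example that is not part of the original post. The function names and the sample configuration are constructed for illustration; the check relies on sshd using the first uncommented occurrence of a keyword.

```shell
#!/bin/sh
# Added example. sample_config prints a constructed sshd_config fragment.
sample_config() {
cat <<'EOF'
# What ports, IPs and protocols we listen for
Port 22
#PermitRootLogin no
PermitRootLogin yes
permitrootlogin no
PubkeyAuthentication yes
PasswordAuthentication no
EOF
}

# Print the value sshd would use for a keyword: the first uncommented
# occurrence wins and keyword names are case-insensitive. Parsing stops at
# the first Match block because settings there apply only conditionally.
# Assumes the "Keyword value" form, one pair per line.
effective_value() {   # usage: effective_value KEYWORD DEFAULT < config
    awk -v want="$1" -v def="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    '
}

# Check the two settings recommended in the post. Prints one line per
# finding and returns non-zero if anything needs changing.
audit_sshd_config() {   # usage: audit_sshd_config < config
    cfg=$(cat)
    status=0
    # Defaults passed here are those of OpenSSH 7.0 and later.
    root=$(printf '%s\n' "$cfg" | effective_value PermitRootLogin prohibit-password)
    pass=$(printf '%s\n' "$cfg" | effective_value PasswordAuthentication yes)
    [ "$root" = no ] || { echo "PermitRootLogin is '$root', want 'no'"; status=1; }
    [ "$pass" = no ] || { echo "PasswordAuthentication is '$pass', want 'no'"; status=1; }
    return "$status"
}

sample_config | audit_sshd_config || echo "sshd_config needs changes"
```

In the sample, the commented-out `no` and the later lowercase `no` are both ignored, so root login is still enabled. On a live host, `sshd -T` prints the configuration the daemon would actually use.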
What I would do instead (assuming you know your friend's ip or domain name), is to put in some NAT rules using iptables (but only for that one ip). That way, the ssh server thinks it's communicating over port 22, and the client thinks it's communicating over port 80, and it only works for your friend.
Yes, Osor is correct, I didn't read carefully. If your friend can only come out on port 80, but you want him to connect at the standard port of 22, then you need to use a router or firewall to translate any request of his that comes in at port 80 to be forwarded to port 22. Without a hardware/software firewall or router to translate 80 (from his IP only) to 22, you won't get it to do what you want.
Doing what I suggested earlier would move SSH for everyone from 22 to 80, which is the inverse (converse?) of what you asked for. My bad.
Well, to start with, you need to have the required netfilter modules loaded (I don't know the names off the top of my head since mine are always in the kernel. I think just basic iptables.ko and iptables-nat.ko will do for this).
Then try (I haven't had time to thoroughly proofread, so if you have trouble, it's probably my fault):
The first rule will make your computer think that everything coming from your friend's IP with a TCP destination port of 80 should be interpreted as coming to TCP destination port 22 (using your IP). The second rule does the opposite (it makes everything destined to your friend with a source port of 22 actually leave your computer with a source port of 80).
This is a very basic implementation of what I was talking about. Of course, there are probably other, more elegant methods for this, so I await a post from someone more knowledgeable than I am about this stuff.
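One way to write the source-restricted redirect described above, as an added example rather than the poster's original commands. The function names and the address 203.0.113.7 are placeholders; netfilter connection tracking reverses the translation on reply packets, so only the inbound rule is generated.

```shell
#!/bin/sh
# Added example. 203.0.113.7 is a documentation address (RFC 5737) standing
# in for the friend's IP. Commands are printed, not executed, for review.

# Succeed only for a dotted quad whose four octets are each 0-255, so that
# nothing else can end up inside the generated command line.
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

redirect_rules() {   # usage: redirect_rules FRIEND_IP
    is_ipv4 "$1" || { echo "refusing: '$1' is not an IPv4 address" >&2; return 1; }
    # nat/PREROUTING: for this source only, rewrite destination port 80 to 22.
    # Every other source still reaches whatever listens on port 80.
    echo "iptables -t nat -A PREROUTING -s $1 -p tcp --dport 80 -j REDIRECT --to-ports 22"
    # filter/INPUT is evaluated after PREROUTING, so it matches port 22.
    echo "iptables -A INPUT -s $1 -p tcp --dport 22 -j ACCEPT"
}

redirect_rules 203.0.113.7
```

After reviewing the printed commands, run them as root; sshd itself keeps listening on port 22, so no change to sshd_config is needed for this approach.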