LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   ssh -p x still connects to port 22 (https://www.linuxquestions.org/questions/linux-security-4/ssh-p-x-still-connects-to-port-22-a-4175415109/)

Zilvermeeuw 07-05-2012 03:10 PM

ssh -p x still connects to port 22
 
I want to have ssh access to server14 through port x, and block port 22.

On my desktop, I give the command: 'ssh -p x server14', where x is above 1024.

On server14, I changed /etc/ssh/sshd_config to listen on port x (Port=x).
With iptables switched off on server14, I can connect with ssh. But if I have iptables running, with the rule -A INPUT -p tcp --dport x -j ACCEPT, I cannot connect.
The logging on server14 says:
Code:

Dropped by firewall INPUT: IN=eth0 OUT=<snip> PROTO=TCP SPT=42225 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
Watch the DPT=22.

How is that possible??

On the desktop, I can run 'ssh -v -v -p x server14', I get:
Code:

OpenSSH_5.6p1, OpenSSL 1.0.0j-fips 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to server14 [192.168.1.74] port x.

So connecting to port x, not 22.....

How can I connect to server14, only through port x?

Kustom42 07-06-2012 11:46 AM

Well, it may be possible that your ssh_config file is taking over. It shouldn't with the -p option, but as an easy troubleshooting step, and to make life easier, you should update the /etc/ssh/ssh_config file on the client that is connecting to the server to set the Port directive and specify your 1024 port.

Also, make sure you don't have any iptables translation rules on your client.

Zilvermeeuw 07-06-2012 02:19 PM

Hi Kustom42.

It is not the ssh_config. I see in the iptables log file of the client that the outgoing port is correct. However, in the log file of the server, the incoming port is 22 (not correct).

I did play with prerouting before: #$IPT -t nat -A PREROUTING -p tcp --dport x -j DNAT --to-destination :22
But that line is commented now.

BUT connecting with 'ssh -p y server14' (y != x) works correctly!!!
So somewhere, the forwarding (prerouting) is still active. iptables -L does not show it.

Luckily it is on a virtual test server, not on my live servers.....

Your last line did point me to the error. Thanks!
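The check the thread converged on, as an added example that is not from the original posts: `iptables -L` lists only the filter table, so a leftover DNAT rule in the nat PREROUTING chain (which rewrites the destination port before the filter INPUT chain ever sees the packet, hence DPT=22 in the log) stays invisible unless you ask for `-t nat` or dump every table with `iptables-save`. The script below audits an `iptables-save` dump for nat rules that rewrite a given port. The dump embedded in it is constructed to mirror the situation in this thread (port 2222 stands in for the "x" of the posts); it is not output from the poster's server.

```shell
#!/bin/sh
# Added example: find nat-table rules that rewrite the destination port
# before the filter table sees the packet. Feed it `iptables-save` output.

# CONSTRUCTED sample dump, modelled on the thread: a PREROUTING DNAT rule
# rewrites dport 2222 to 22, so the filter INPUT chain only ever sees
# DPT=22, which its "--dport 2222 -j ACCEPT" rule does not match.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination :22
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -j LOG --log-prefix "Dropped by firewall INPUT: "
COMMIT'

# Print only the nat-table rules whose target rewrites the destination
# (DNAT or REDIRECT). Reads an iptables-save dump on stdin. These are the
# rules a plain `iptables -L` (filter table only) never shows.
nat_rewrite_rules() {
    awk '/^\*/ { table = substr($1, 2) }
         table == "nat" && /-j (DNAT|REDIRECT)/ { print }'
}

# Exit 0 if some nat rule rewrites traffic aimed at port $1 (the port the
# ssh client actually connects to), 1 otherwise. Reads the dump on stdin.
# The trailing space in the pattern keeps "--dport 22" from matching
# "--dport 2222".
port_is_rewritten() {
    port="$1"
    nat_rewrite_rules | grep -q -e "--dport ${port} "
}

# Stand-alone run against the constructed dump.
if printf '%s\n' "$SAMPLE_DUMP" | port_is_rewritten 2222; then
    echo "port 2222 is rewritten by a nat rule:"
    printf '%s\n' "$SAMPLE_DUMP" | nat_rewrite_rules
else
    echo "no nat rule rewrites port 2222"
fi
```

On the server itself the same functions run against the live ruleset with `iptables-save | port_is_rewritten x` (or, without the script, `iptables -t nat -L -n -v`). Once the stray rule is gone, the filter rules the poster wanted are enough on their own: ACCEPT tcp dport x, and drop (or simply not accept) dport 22.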

