LinuxQuestions.org


idahoakl 11-11-2005 11:49 AM

SSH on port 25 or 110
 
I am trying to SSH to my machine on our campus network. The only ports that I can see as open are 25 and 110 (smtp and pop3). I don't use smtp or pop3 on my Linux box (mythtv only). Is there a way that I can configure sshd to listen on port 25 or 110? I tried just changing it in sshd_config but haven't had any success. Is there anything special I have to do, or is this just not possible?

Thanks

Matt

MensaWater 11-11-2005 12:21 PM

Port 25 is the "well known port" for telnet. You can probably run sshd there but need to make sure telnetd is disabled in inetd or xinetd so they don't both try to use that port. You probably don't want to use port 25 though since your average hacker is apt to try port 25 to see if telnet works.

Also you probably need to modify /etc/services so it knows which port you're using for sshd.

How do you know only 25 and 110 are open? If that's truly the case, it suggests there is other traffic expected on those ports by your network admins, and your pushing ssh packets over it might cause them to come and talk to you. It would be better to try to convince them to open port 22 (the default for ssh) and explain the security benefits of ssh over telnet to them.

imitheos 11-11-2005 03:27 PM

If you change the "Port" setting in sshd_config then you can have the SSH daemon listening at whatever port you want.

When you changed the sshd_config, did you restart the daemon?
If not, then you need to restart it so that it can re-read its configuration.
If yes, then you probably have another daemon running on 25 (postfix, exim, sendmail, qmail, etc.).
BTW 25 = smtp and not telnet (23)

MensaWater 11-12-2005 07:53 AM

Quote:

BTW 25 = smtp and not telnet (23)
D'oh!

:eek:

idahoakl 11-12-2005 02:14 PM

Our campus network is set up in vlans so only certain traffic gets passed between vlans. I have my own router between my boxes and the rest of the campus network. I found out which ports were open by putting my Linux box in the DMZ and then finding a computer on a different vlan and doing a port scan of it. It shows up that only 25 and 110 are open. I don't run an smtp server or a pop3 server, so I don't need to have incoming traffic communicate on those ports. I don't even use smtp or pop3 to get email. Are there security implications of using one of these 2 ports, and if so, how do I go about locking them down so they can function like port 22?

Thanks for the responses btw

Matt

imitheos 11-12-2005 04:04 PM

Quote:

Originally posted by idahoakl
Our campus network is set up in vlans so only certain traffic gets passed between vlans. I have my own router between my boxes and the rest of the campus network. I found out which ports were open by putting my Linux box in the DMZ and then finding a computer on a different vlan and doing a port scan of it. It shows up that only 25 and 110 are open. I don't run an smtp server or a pop3 server, so I don't need to have incoming traffic communicate on those ports. I don't even use smtp or pop3 to get email. Are there security implications of using one of these 2 ports, and if so, how do I go about locking them down so they can function like port 22?

Thanks for the responses btw

Matt

The security problems come from the program itself, not from the port it is running on, so if you run ssh on any other port than 22 there aren't any security implications.

I don't know how you can stop applications from running in Fedora. You can of course go to /etc/rcX.d and disable the script from there, but there are tools that do it for you (I think Red Hat had "chkconfig"). Do a "man chkconfig"; maybe it is the same for Fedora.

In order to see on which ports you have programs listening, do "netstat -ntlp".
Then disable the pop3 daemon (if it is running) and change the SSH port in sshd_config.

guideweb 11-12-2005 05:45 PM

Have you tried with a port over 50000? They are generally open.

MensaWater 11-13-2005 08:58 AM

Fedora uses xinetd - you can check /etc/services to see what definitions exist for the ports, then go to /etc/xinetd.d and see if the service there is turned on. Within the relevant xinetd.d file you will see a line regarding disabling the service. Just change that line to disable it if it's enabled at present. You can then use the port for what you want.
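
The checks suggested in this thread (read the "Port" setting from sshd_config, then see what already listens there in "netstat -ntlp" output), combined into one script. This is an added example, not part of any post above; the function names and both sample inputs are constructed for illustration, and the parser assumes whitespace-separated "Port N" lines.

```shell
#!/bin/sh
# Constructed sample inputs (not taken from the thread).
SAMPLE_SSHD_CONFIG='# sshd_config (constructed sample)
#Port 22
Port 110
Protocol 2'

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:110       0.0.0.0:*         LISTEN   1820/xinetd
tcp        0      0 127.0.0.1:25      0.0.0.0:*         LISTEN   1711/sendmail
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   1650/sshd'

# Print the ports sshd is configured for; sshd defaults to 22 with no Port line.
# Commented-out lines ("#Port 22") are ignored; the keyword is case-insensitive.
sshd_ports() {   # $1 = sshd_config text
    printf '%s\n' "$1" | awk '
        tolower($1) == "port" { print $2; found = 1 }
        END { if (!found) print 22 }'
}

# Print the PID/Program of every TCP listener on port $2.
# Splitting on ":" and taking the last piece also handles IPv6 (":::22").
listener_on() {  # $1 = netstat -ntlp text, $2 = port
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == port) print $7
        }'
}

# For each configured sshd port, report "free", "sshd" (sshd already holds it),
# or "conflict <owner>" when another daemon holds the port and sshd cannot bind.
check_conflicts() {  # $1 = sshd_config text, $2 = netstat -ntlp text
    for p in $(sshd_ports "$1"); do
        all=$(listener_on "$2" "$p")
        others=$(printf '%s\n' "$all" | awk 'NF && $0 !~ /\/sshd$/' | tr '\n' ' ')
        if [ -z "$all" ]; then echo "$p free"
        elif [ -z "$others" ]; then echo "$p sshd"
        else echo "$p conflict ${others% }"
        fi
    done
}

check_conflicts "$SAMPLE_SSHD_CONFIG" "$SAMPLE_NETSTAT"
```

On a real machine, run it as root (so netstat shows program names) with `check_conflicts "$(cat /etc/ssh/sshd_config)" "$(netstat -ntlp)"`; the config path shown is the usual location and may differ on your system.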


All times are GMT -5.