SSH login on port 80
Hello,
I know it's a simple one but I just can't figure this out on my own. How can I grant only one user the possibility to connect both on port 21 and 80 using ssh? I have Ubuntu 6.06 server. Thanks |
You don't.
First off, port 80 is for websites, and 21 is for FTP. Port 22 is for ssh. You can go in the ssh.conf file and set it to listen at any port you choose, but using a port that is assigned can lead to weird events. How does your ssh server deal with a request from a web browser? It should just refuse it, but you never know. With a firewall, particularly a good hardware firewall, you could direct traffic from a given IP address (the one user) headed to port 80 or 21 to port 22 on the machine. Also, what do you mean by only one user? Is there only one user on the machine, or do you only want one person of the several with accounts on it to have access to it? Peace, JimBass |
Right you are my friend, just to clear things out, I know 80 is for http, I have a friend that can only access the 80 port from where he connects to the internet and I want him to be able to connect remotely on my machine (on port 22).
About that firewall, I have only my linux to use, how can I configure it right? My deepest thanks! |
Ok, here's how I would do it:
1) Edit /etc/ssh/sshd_config. Take the line that says
Code:
# What ports, IPs and protocols we listen for
2) That means you have ssh listening on 80, so if you run any webpages off of this box, you need to move them to some port other than 80.
3) For you, your friend, or anyone else to connect, you need to pass a port to the ssh client. That command should look like
Code:
ssh -p 80 your.ip.address.or.domainname
Have fun. Peace, JimBass |
What I would do instead (assuming you know your friend's ip or domain name), is to put in some NAT rules using iptables (but only for that one ip). That way, the ssh server thinks it's communicating over port 22, and the client thinks it's communicating over port 80, and it only works for your friend.
|
Yes, Osor is correct, I didn't read carefully. If your friend can only come out on port 80, but you want him to connect at the standard port of 22, then you need to use a router or firewall to translate any request of his that comes in at port 80 to be forwarded to port 22. Without a hardware/software firewall or router to translate 80 (from his IP only) to 22, you won't get it to do what you want.
Doing what I suggested earlier would move SSH for everyone from 22 to 80, which is the inverse (converse?) of what you asked for. My bad. Peace, JimBass |
I've got the point but I don't really know iptables that well :o Can you please guide me a little?!
Thanks! |
Well, to start with, you need to have the required netfilter modules loaded (I don't know the names off the top of my head since mine are always in the kernel. I think just basic iptables.ko and iptables-nat.ko will do for this).
Then try (I haven't had time to thoroughly proofread, so if you have trouble, it's probably my fault):
Code:
# iptables -t nat -A PREROUTING -s ${IP_FRIEND} -p tcp -m tcp --dport 80 -j DNAT --to-destination ${IP_YOURS}:22
This is a very basic implementation of what I was talking about. Of course, there are probably other, more elegant methods for this, so I await a post from someone more knowledgeable than I am about this stuff. |
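An added example, not part of any post in this thread: a shell function that checks the friend's address is a single IPv4 host (so a typo or a CIDR range cannot widen the rule) and prints the DNAT rule from the last post together with a matching INPUT accept rule. The function names, the INPUT rule and the sample addresses (documentation ranges) are this example's assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) the rules, so they can be reviewed first.

# Return 0 only for a dotted-quad IPv4 host address, each octet 0..255.
# Anything with a mask (/24), a hostname or a stray character is rejected.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: friend_ssh_rules FRIEND_IP SERVER_IP
friend_ssh_rules() {
    friend_ip=$1
    server_ip=$2
    for addr in "$friend_ip" "$server_ip"; do
        valid_ipv4 "$addr" || { echo "invalid IPv4 host: $addr" >&2; return 1; }
    done
    # nat/PREROUTING is traversed before filter/INPUT. Only TCP packets from
    # the friend aimed at port 80 are rewritten to port 22; every other
    # client still reaches whatever listens on port 80.
    echo "iptables -t nat -A PREROUTING -s $friend_ip -p tcp -m tcp --dport 80 -j DNAT --to-destination $server_ip:22"
    # Assumption of this example: INPUT filters traffic. It sees the
    # already-rewritten destination, so the accept rule names port 22.
    echo "iptables -A INPUT -s $friend_ip -d $server_ip -p tcp --dport 22 -j ACCEPT"
}

# Print rules when called as: script FRIEND_IP SERVER_IP
if [ $# -eq 2 ]; then
    friend_ssh_rules "$1" "$2"
fi
```

The friend then connects with `ssh -p 80` to the server address, while sshd itself keeps listening on port 22.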