cannot login sshd with another port
1. ok, stop selinux, stop iptables
#/etc/init.d/iptables stop
2. change sshd port and restart
in /etc/ssh/sshd_config:
Port 5050
3. check the port working
#netstat -ntlp | grep :5050
4. login on server localhost
#ssh -vv -p 5050 localhost
it works.
but, on pc client
ssh -vv -p 5050 [server_name]
....
debug1: Connecting to zhuanfa [223.*.*.*] port 5050.
[stop here, no more output]
but -vv -p 22 [server_name] is ok. |
So, let me get this right - it still connects on port 22?
Can you try changing IPtables, rather than just stopping it - so it uses 5050 instead? |
Check
Code:
netstat -ntlp | grep :22 |
Quote:
I had set sshd to listen on port 22, or 5050, or both, but it doesn't work. So I stop iptables, disable selinux |
Quote:
so I can login to the server and change the default port to 5050. I try to login with another client, using the new port 5050, but the connection times out. I had tried to change iptables, selinux, but it doesn't work. |
sshd
It is not either-or, you can make sshd listen on two ports.
What you cannot do is make a dynamic change, you have to bounce or refresh sshd to have it pick up configuration changes. Did you? |
Quote:
and then change /etc/ssh/sshd_config, set Port to 5050 and /etc/init.d/sshd restart |
Quote:
I had tried what you said, but it doesn't work, so I stopped them rudely. I had restarted sshd, and the output of ssh -vv servername -p 5050 is:
OpenSSH_5.5p1, OpenSSL 1.0.0e-fips 6 Sep 2011
debug1: Reading configuration data /home/tgf6/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to zhuanfa [223.*.*.*] port 5050.
And I found out that if the server listens on a not well-known port like 8080, 5000, the client cannot connect to it. So is it the iptables problem? |
On the client run:
- connectivity: 'hping2 -n -V -I eth0 --scan 22,5050 -S servername'
- firewall: 'for TABLE in $(</proc/net/ip_tables_names); do /sbin/iptables -t $TABLE -n -L; done;'.
Now on the server run:
- just to make sure: 'service sshd restart'
- 'for TABLE in $(</proc/net/ip_tables_names); do /sbin/iptables -t $TABLE -n -L; done;'
- ports opened by SSH daemon: 'lsof -Pwlnp "$(pgrep -d, sshd)" -a -i;'
- tcp_wrappers: 'grep -v ^# /etc/hosts.*|grep .;'
- 'grep -v ^# /etc/ssh/sshd_config|grep .;'
- enabled?: 'selinuxenabled; echo $?;'
- port assignments?: 'seinfo -p|grep ssh;'. |
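Added example, not part of any post in this thread: a Python probe to run from the client that separates the outcomes discussed above, namely a port that answers with an SSH banner, one that actively refuses, and one where the SYN is silently dropped (the hang after "debug1: Connecting to ... port 5050"). The function name probe and the state labels are this example's own; the ports 22 and 5050 come from the thread.

```python
import errno
import socket
import sys


def probe(host, port, timeout=3.0):
    """Classify one TCP port as seen from this machine.

    Returns (state, banner) where state is 'open', 'refused',
    'unreachable' or 'filtered'.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A RST came back: the host is reachable but nothing listens there.
        return "refused", None
    except socket.timeout:
        # No reply to the SYN at all: something on the path drops the packet
        # (a DROP rule on the server, or a filter between client and server).
        return "filtered", None
    except OSError as exc:
        # An ICMP unreachable came back, for example from a REJECT rule.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable", None
        raise
    with sock:
        sock.settimeout(timeout)
        try:
            # An SSH server speaks first, e.g. "SSH-2.0-OpenSSH_5.5".
            first = sock.recv(255).split(b"\n", 1)[0].strip()
            banner = first.decode("ascii", "replace")
        except OSError:
            banner = ""
    return "open", banner or None


if __name__ == "__main__":
    # Usage: python probe.py servername  (hostname supplied by the caller)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for p in (22, 5050):
        state, banner = probe(target, p)
        print(f"{target}:{p} -> {state} {banner or ''}")
```

If 22 comes back open and 5050 comes back filtered while netstat on the server shows sshd listening on 5050, the drop is happening in a firewall rule on the server or on a device between client and server, not in sshd.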