LinuxQuestions.org
Old 10-19-2011, 05:52 AM   #1
tgf2
LQ Newbie
 
Registered: Jun 2011
Posts: 5

Rep: Reputation: Disabled
cannot login sshd with another port


1. OK, stop SELinux, stop iptables:
# /etc/init.d/iptables stop

2. Change the sshd port and restart.
In /etc/ssh/sshd_config:
Port 5050

3. Check that the port is working:
# netstat -ntlp | grep :5050

4. Log in on the server via localhost:
# ssh -vv -p 5050 localhost
It works.

But on the PC client:

ssh -vv -p 5050 [server_name]
....

debug1: Connecting to zhuanfa [223.*.*.*] port 5050.
[stops here, no more output]

But -vv -p 22 [server_name] is OK.
 
Old 10-19-2011, 06:02 AM   #2
stevellion
LQ Newbie
 
Registered: Oct 2011
Posts: 10

Rep: Reputation: Disabled
So, let me get this right - it still connects on port 22?

Can you try changing IPtables, rather than just stopping it - so it uses 5050 instead?
 
Old 10-19-2011, 06:05 AM   #3
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,271

Rep: Reputation: 319
Check
Code:
netstat -ntlp | grep :22
Should be empty. Did you connect this client PC through a router? Maybe it has a firewall or port forwarding.
 
Old 10-19-2011, 06:08 AM   #4
tgf2
LQ Newbie
 
Registered: Jun 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by stevellion View Post
So, let me get this right - it still connects on port 22?

Can you try changing IPtables, rather than just stopping it - so it uses 5050 instead?
Yes, I had tried changing iptables.
I had set sshd to listen on port 22, or 5050, or both.

But it doesn't work.
So I stopped iptables and disabled SELinux.
 
Old 10-19-2011, 06:14 AM   #5
tgf2
LQ Newbie
 
Registered: Jun 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by eSelix View Post
Check
Code:
netstat -ntlp | grep :22
Should be empty. Did you connect this client PC through a router? Maybe it has a firewall or port forwarding.
The server side's sshd listened on port 22 before,
so I could log in to the server and change the default port to 5050.

I tried to log in with another client, using the new port 5050,
but the connection timed out.

I had tried changing iptables and SELinux, but it doesn't work.

Last edited by tgf2; 10-19-2011 at 06:15 AM.
 
Old 10-19-2011, 01:28 PM   #6
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,491

Rep: Reputation: 1542
sshd

It is not either-or; you can make sshd listen on two ports.
What you cannot do is make a dynamic change; you have to bounce or refresh sshd to have it pick up configuration changes. Did you?
 
Old 10-19-2011, 04:57 PM   #7
tgf2
LQ Newbie
 
Registered: Jun 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by wpeckham View Post
It is not either-or; you can make sshd listen on two ports.
What you cannot do is make a dynamic change; you have to bounce or refresh sshd to have it pick up configuration changes. Did you?
I logged in to the server on port 22,
then changed /etc/ssh/sshd_config, setting Port to 5050,
and ran /etc/init.d/sshd restart.
 
Old 10-19-2011, 06:14 PM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594
Quote:
Originally Posted by tgf2 View Post
stop selinux
Don't need to. Just 'semanage port -a -t ssh_port_t -p tcp 5050' to add port TCP/5050.


Quote:
Originally Posted by tgf2 View Post
stop iptables
Don't need to. Just 'iptables -A INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'.


Quote:
Originally Posted by tgf2 View Post
but -vv -p 22 [server_name] is ok.
BTW you didn't post actual output of 'ssh -v -v -v servername -p 5050' nor answer wpeckham's question about restarting sshd...
 
Old 10-19-2011, 06:25 PM   #9
tgf2
LQ Newbie
 
Registered: Jun 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
Don't need to. Just 'semanage port -a -t ssh_port_t -p tcp 5050' to add port TCP/5050.



Don't need to. Just 'iptables -A INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'.



BTW you didn't post actual output of 'ssh -v -v -v servername -p 5050' nor answer wpeckham's question about restarting sshd...
Thanks.
I tried what you said, but it doesn't work, so I stopped them rudely.
I had restarted sshd.

And the output of ssh -vv servername -p 5050 is:
OpenSSH_5.5p1, OpenSSL 1.0.0e-fips 6 Sep 2011
debug1: Reading configuration data /home/tgf6/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to zhuanfa [223.*.*.*] port 5050.


And I found out that if the server listens on a not well-known port like 8080 or 5000,
the client cannot connect to it.
So is it an iptables problem?
 
Old 10-19-2011, 06:53 PM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594
Quote:
Originally Posted by tgf2 View Post
it doesn't work.
Likely well-meant but unfortunately "doesn't work" doesn't contain the kind of technical details I can do anything with.


Quote:
Originally Posted by tgf2 View Post
so is it the iptables problem?
Don't know. Could do with more info to start with.
On the client run:
- connectivity: 'hping2 -n -V -I eth0 --scan 22,5050 -S servername'
- firewall: 'for TABLE in $(</proc/net/ip_tables_names); do /sbin/iptables -t $TABLE -n -L; done;'.
Now on the server run:
- just to make sure: 'service sshd restart'
- 'for TABLE in $(</proc/net/ip_tables_names); do /sbin/iptables -t $TABLE -n -L; done;'
- ports opened by SSH daemon: 'lsof -Pwlnp "$(pgrep -d, sshd)" -a -i;'
- tcp_wrappers: 'grep -v ^# /etc/hosts.*|grep .;'
- 'grep -v ^# /etc/ssh/sshd_config|grep .;'
- enabled?: 'selinuxenabled; echo $?;'
- port assignments?: 'seinfo -p|grep ssh;'.
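
One way to check whether the port sshd is configured for is actually admitted by the firewall rules, which is the question this thread ends on (an added example, not part of any post above). The function names and both sample inputs are constructed; the check reads `iptables -S INPUT` text and ignores interface and source restrictions.

```sh
# Constructed inputs; function names are hypothetical, not from the thread.
# Ports sshd binds: each "Port" directive (case-insensitive, "Port=5050" is
# also valid); with no directive the default is 22.
sshd_ports() {
    awk '{ sub(/#.*/, ""); gsub(/=/, " ") }
         tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# TCP ports (or lo:hi ranges) with an ACCEPT rule in `iptables -S INPUT`
# output. Rules are evaluated in order, so stop at the first catch-all
# REJECT/DROP: anything appended after it is never reached.
accepted_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) exit
        proto = dport = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (proto == "tcp" && target == "ACCEPT" && dport != "") print dport
    }' "$1"
}

# sshd ports that no reachable ACCEPT rule covers.
blocked_ports() {
    allowed=$(accepted_ports "$2")
    for p in $(sshd_ports "$1"); do
        ok=no
        for a in $allowed; do
            if [ "$p" -ge "${a%%:*}" ] && [ "$p" -le "${a##*:}" ]; then ok=yes; fi
        done
        [ "$ok" = yes ] || echo "$p"
    done
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#Port 22' 'Port 5050' 'PermitRootLogin no' > "$tmp/sshd_config"
cat > "$tmp/rules" <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 5050 -j ACCEPT
EOF
echo "blocked sshd ports: $(blocked_ports "$tmp/sshd_config" "$tmp/rules")"
```

On a live host the two inputs would be /etc/ssh/sshd_config and the saved output of `iptables -S INPUT`; an empty result only means the host firewall admits the port, not that a router or upstream filter does.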
 
  

