openssh : using Port statement in ssh_config

I am trying to create several restricted back doors on a server via
OpenSSH_4.2p1, OpenSSL 0.9.8 05 Jul 2005...  (sol 9) - named system1

in short, openssh is installed and works fine on port 22.  User
restriction is configured by AllowUsers entries.

I have created and files (for use by the
IT department).  These files are all but the same as the non suffixed
files, aside from tweaks for the Port, which for testing purposes is
set to 33 for the IT dept ssh config.  I also have a startup script
that runs sshd with the file nominated.  User
restriction is also configured by AllowUsers entries.

This is repeated on a second system. (system2)

sshd daemons have been HUP'd on both systems.

To test this I created a dummy user "bill" who was added to the
allowusers entry on the "far" system for the IT config.

I can show that a straight "ssh -l bill system1" from system2 fails as
we would expect attempting to use standard port 22 as bill is not an
allowed user in the configuration file.

I can show that "ssh -p 33 -l bill system1" from system2 connects
successfully i.e. it uses port 33 and thus connects to the sshd daemon
that uses which has its Port statement using port 33.

So - next step was to instead of using the "-p" option to instead use a file with "Port 33" defined...  (long story).   A "man
ssh" shows ..

-F configfile
             Specifies an alternative per-user configuration file.  If a
             configuration file is given on the command line, the
             configuration file (/etc/ssh/ssh_config) will be ignored.
             default for the per-user configuration file is
...  (in fact taken from the openssh website)

However, "ssh -F /usr/local/etc/ -l bill system1" from
system2 fails..  the log error is

"User bill from not allowed because not listed in

i.e. although the Port statement is set to 33 in the file
stipulated with the -F command line option it possibly isn't actually
using the port 33 to make the ssh connection.
This has been shown to be likely as if bill is made an AllowedUser in
system1's ssh_config file then everything connects fine.

The above is the same whether I issue commands as root, or bill.  It
also makes no difference if I alter the permissions on the file from the original 600 to 644 (although as bill the
file cannot be read otherwise of course).  Neither does it matter if
the port is defined in /etc/services or not.

It would appear that a non-"standard" port (ie not 22) cannot thus be
stipulated via the ssh_config file ...  there are possible other
indicators of this as another system can happily ssh to other boxes
even though IT's ssh_config file has Port set to 2345 (and no servers
use this as their ssh port!).

can I verify that

- the supposition is correct
- that either -F does not work OR I have confused its use!
- the only way to use an alternative port is to use the -p command line



Re: openssh : using Port statement in ssh_config


Directives in an ssh_config file are associated with a "Host".  You
probably just need to make the config file look something like:

Host *
    Port 33

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
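
An added example, not part of the original thread and not OpenSSH code: a small Python model of how the client resolves Port from a config file passed with -F, using the Host-block layout from the reply above. The function names and sample configs are constructed for illustration; Match blocks and quoted arguments are assumed absent.

```python
import re

def _glob(pattern):
    # ssh_config Host patterns: '*' matches any run, '?' exactly one character.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body)

def host_matches(patterns, host):
    """A Host line matches if a pattern matches and no '!' pattern does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if _glob(pat[1:]).fullmatch(host):
                return False
        elif _glob(pat).fullmatch(host):
            matched = True
    return matched

def effective_port(config_text, host, default=22):
    """Return the Port chosen for `host`; the first value obtained wins."""
    active = True  # lines before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "host":
            active = host_matches(args, host)
        elif keyword == "match":
            active = False  # Match blocks are not modelled here
        elif keyword == "port" and active and args:
            return int(args[0])
    return default

# Constructed sample configs (not taken from the thread's systems).
IT_CONFIG = "Host *\n    Port 33\n"
GENERAL_FIRST = "Host *\n    Port 22\nHost system1\n    Port 33\n"
SPECIFIC_FIRST = "Host system1\n    Port 33\nHost *\n    Port 22\n"

if __name__ == "__main__":
    for name, cfg in [("IT_CONFIG", IT_CONFIG), ("GENERAL_FIRST", GENERAL_FIRST),
                      ("SPECIFIC_FIRST", SPECIFIC_FIRST)]:
        print(name, "-> system1 uses port", effective_port(cfg, "system1"))
```

Because the first value obtained wins, a general `Host *` block placed above a host-specific block hides the specific Port, which is why per-host entries belong at the top of the file.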

Re: openssh : using Port statement in ssh_config


cheers darren!

