- Posted on
- openssh : using Port statement in ssh_config
December 8, 2005, 12:35 pm
OpenSSH_4.2p1, OpenSSL 0.9.8 05 Jul 2005... (sol 9) - named system1
in short, openssh is installed and works fine on port 22. User
restriction is configured by AllowUsers entries.
I have created ssh_config.it and sshd_config.it files (for use by the
IT department). These files are all but the same as the non suffixed
files, aside from tweaks for the Port, which for testing purposes is
set to 33 for the IT dept ssh config. I also have a startup script
that runs sshd with the sshd_config.it file nominated. User
restriction is also configured by AllowUsers entries.
This is repeated on a second system. (system2)
sshd daemons have been HUP'd on both systems.
To test this I created a dummy user "bill" who was added to the
allowusers entry on the "far" system for the IT config.
I can show that a straight "ssh -l bill system1" from system2 fails as
we would expect attempting to use standard port 22 as bill is not an
allowed user in the configuration file.
I can show that "ssh -p 33 -l bill system1" from system2 connects
successfully i.e. it uses port 33 and thus connects to the sshd daemon
that uses sshd_config.it which has its Port statement using port 33.
So - next step was to instead of using the "-p" option to instead use a
ssh_client.it file with "Port 33" defined... (long story). A "man
ssh" shows ..
Specifies an alternative per-user configuration file. If
figuration file is given on the command line, the
configuration file (/etc/ssh/ssh_config) will be ignored.
default for the per-user configuration file is
... (in fact taken from the openssh website)
However, "ssh -F /usr/local/etc/ssh_config.it -l bill system1" from
system2 fails.. the log error is
"User bill from 18.104.22.168 not allowed because not listed in
i.e. although the Port statement is set to 33 in the ssh_config.it file
stipulated with the -F command line option it possibly isn't actually
using the port 33 to make the ssh connection.
This has been shown to be likely as if bill is made an AllowedUser in
system1's ssh_config file then everything connects fine.
The above is the same whether I issue commands as root, or bill. It
also makes no difference if I alter the permissions on the
ssh_config.it file from the original 600 to 644 (although as bill the
file cannot be read otherwise of course). Neither does it matter if
the port is defined in /etc/services or not.
It would appear that a non-"standard" port (ie not 22) cannot thus be
stipulated via the ssh_config file ... there are possible other
indicators of this as another system can happily ssh to other boxes
even though IT's ssh_config file has Port set to 2345 (and no servers
use this as their ssh port!).
can I verify that
- the supposition is correct
- that either -F does not work OR I have confused its use!
- the only way to use an alternative port is to use the -p command line
Re: openssh : using Port statement in ssh_config
Directives in an ssh_config file are associated with a "Host". You
probably just need to make the config file look something like:
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
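
Added example, not part of the original posts and not OpenSSH's own code: a simplified Python model of how ssh_config ties directives to "Host" blocks, keeping the first value obtained for each keyword. The two configs, the host names and the function names are constructed for illustration; Match, Include and negated patterns are not modelled.

```python
import fnmatch
import re

# Constructed stand-in for the thread's ssh_config.it; names and values are sample data.
IT_CONFIG = """\
# IT department client settings
Host system1 system2
    Port 33
    User bill

Host *
    Port 22
"""

# Same directives with the catch-all block first: its Port is obtained first and wins.
SHADOWED_CONFIG = """\
Host *
    Port 22
Host system1
    Port 33
"""

def parse(text):
    """Return (host_patterns, keyword, value) tuples in file order."""
    entries, patterns = [], ["*"]  # directives before any Host line apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Port 33" or "Port=33"
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            patterns = value.split()  # restricts everything up to the next Host line
        else:
            entries.append((patterns, keyword, value))
    return entries

def resolve(text, host):
    """Effective client settings for the host name as typed on the command line."""
    effective = {}
    for patterns, keyword, value in parse(text):
        if any(fnmatch.fnmatchcase(host, p) for p in patterns):
            effective.setdefault(keyword, value)  # first obtained value is kept
    return effective

def port_for(text, host):
    return int(resolve(text, host).get("port", 22))  # 22 is the ssh default port
```

On OpenSSH 6.8 and later, `ssh -G -F /usr/local/etc/ssh_config.it system1` prints the values the real client resolves, including the port.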