I'm failing to set up an sshd on port 9922. With the standard configuration on port 22 everything works fine. Then I change the port to 9922 by adding this line to the sshd_config file:
Port 9922
I can connect to the server in the LAN on port 22 without problems. After switching to port 9922 I get the following output:
# ssh -vvv -p 9922 [email protected]
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.26.153 [192.168.26.153] port 9922.
debug1: connect to address 192.168.26.153 port 9922: No route to host
ssh: connect to host 192.168.26.153 port 9922: No route to host
#
And nmap -p 9922 192.168.26.153 gives:
# nmap -p 9922 192.168.26.153
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-06-11 08:09 CEST
Interesting ports on 192.168.26.153:
PORT STATE SERVICE
9922/tcp filtered unknown
MAC Address: 4A:34:E7:11:9F:22 (Unknown)
Nmap finished: 1 IP address (1 host up) scanned in 0.184 seconds
#
Any ideas what's missing?
ifconfig on the target machines gives:
eth0 Link encap:Ethernet Hardware Adresse 4A:34:E7:11:9F:22
inet Adresse:192.168.26.153 Bcast:192.168.26.255 Maske:255.255.255.0
inet6 Adresse: fe80::4834:e7ff:fe11:9f22/64 Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2723010 errors:0 dropped:0 overruns:0 frame:0
TX packets:552 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX bytes:561183811 (535.1 MiB) TX bytes:52703 (51.4 KiB)
Interrupt:24
lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6 Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
And route -n:
# route -n
Kernel IP Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.10.0 192.168.26.1 255.255.255.0 UG 0 0 0 eth0
192.168.26.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.26.4 0.0.0.0 UG 0 0 0 eth0
#
iptables -L returns:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
#

You most likely have SELinux enabled on your server. If you don't need it, disable it temporarily with
setenforce 0
or permanently by modifying the /etc/selinux/config file.
If you want to use SELinux, make it allow sshd to bind to port 9922:

While it is not a smart idea to stop the firewall, I would propose to start the firewall and allow incoming port 9922 by

For me it was a combo of SELinux and firewall; I found the solution this way:
As already proposed, relaxing SELinux:
And after that, also changing the firewall permission:
These two changes made it possible for me to access the server with the new ssh-port

You can have multiple Port lines in your sshd.conf, e.g.

I typically do this because I'll have an external firewall/NAT open on the alternative port, but will want internal systems to hit the server on the traditional port 22.
Please make sure you restart the ssh daemon (service sshd restart) following any configuration file changes.

What happens if you nmap -p 9922 192.168.26.153? Does it show the port open?

The error in your ssh client debug output should be "Connection timed out" instead of "No route to host". What's in between you and the target system?
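
Added example (not part of the original thread or any poster's code): the INPUT chain in the question accepts new TCP connections only on port 22 and rejects everything else with icmp-host-prohibited, which a client reports as "No route to host" and nmap as "filtered". The Python sketch below walks a constructed `iptables -S` rendering of that chain in first-match order; the `-i lo` match and all helper names are assumptions.

```python
import shlex

# Constructed sample in `iptables -S INPUT` form, modelled on the listing in the
# question. The "-i lo" match is an assumption: `iptables -L` without -v hides
# interfaces, so its bare "ACCEPT all" line is most likely loopback-only.
RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
""".splitlines()

ALLOW_9922 = "-A INPUT -p tcp -m state --state NEW -m tcp --dport 9922 -j ACCEPT"
KEYS = ("-p", "-i", "--state", "--dport", "-j", "--reject-with")


def parse(line):
    """Extract the handful of options this demo understands (no port ranges)."""
    tok = shlex.split(line)
    return {t: tok[i + 1] for i, t in enumerate(tok) if t in KEYS}


def verdict(rules, dport, iface="eth0", proto="tcp", state="NEW"):
    """First-match walk of INPUT for one packet; returns (target, reject type)."""
    policy = "ACCEPT"
    for line in rules:
        if line.startswith("-P INPUT"):
            policy = line.split()[2]
        if not line.startswith("-A INPUT"):
            continue
        r = parse(line)
        if (r.get("-p", proto) == proto and r.get("-i", iface) == iface
                and state in r.get("--state", state).split(",")
                and r.get("--dport", str(dport)) == str(dport)):
            return r["-j"], r.get("--reject-with", "")
    return policy, ""


def insert_before_reject(rules, rule):
    """Like `iptables -I` at the REJECT's position: new rule is evaluated first."""
    idx = next(i for i, l in enumerate(rules) if "-j REJECT" in l)
    return rules[:idx] + [rule] + rules[idx:]


if __name__ == "__main__":
    print("22      ", verdict(RULES, 22))
    print("9922    ", verdict(RULES, 9922))
    print("appended", verdict(RULES + [ALLOW_9922], 9922))
    print("inserted", verdict(insert_before_reject(RULES, ALLOW_9922), 9922))
```

An ACCEPT for 9922 that is appended lands after the catch-all REJECT and never matches; it only takes effect when inserted ahead of it.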