Tuesday, July 31, 2012

Running an SSH Server on Multiple Ports

It's pretty easy to do on your Linux box. These instructions are tested on OpenSuse 10.1 but they should work equally well on any Linux. On the machine that's running sshd, the ssh server, edit /etc/ssh/sshd_config. In it you'll see one directive on each line. Here's a snippet:
#AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
In these lines, the ones that start with a # don't do anything - they're comments for your reference. Often sshd_config has default values for many of the most common options included with a # in front of them. So you might have a line like
#Port 22
With the # it doesn't do anything. Since 22 is the default value for Port, sshd will behave the same if you have no Port directive at all or if you have this comment.
The lines that have no # in front of them are directives. They tell sshd what you want it to do for any given option. So a line like
Port 22
tells sshd to listen for connections on port 22. The ssh server accepts multiple Port directives and will listen on multiple ports if you want it to. If you want to have sshd listen on ports 22, 80 and 32022 you need lines like this:
Port 22
Port 80
Port 32022
Note that Port 80 is normally used by web servers - it's said to be a Well Known Port Number. Using Port 80 for ssh will let you use ssh to connect through most firewalls and proxies. If you decide to do this then make sure that you don't also have a web server trying to use port 80 for incoming connections. Port 32022 isn't reserved for anything (as far as I know) but a random hacker wouldn't connect to it as their first try for an ssh connection. Port numbers go up to sixty-something thousand.
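The rules above (a leading # disables a line, several Port lines add up, no Port line means 22) as an added shell example that is not part of the original post. The function names and the sample file are made up for illustration, and ListenAddress entries are not handled.

```shell
#!/bin/sh
# Added example. Only Port directives are parsed; ListenAddress host:port
# entries, which can also add listening ports, are not.

# Print the ports an sshd_config requests, space-separated; prints 22
# (the default) when the file has no active Port directive.
effective_ports() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)     # "Port=22" form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])                 # keywords ignore case
            if (key == "match") exit            # global section is over
            if (key != "port") next
            if (f[2] !~ /^[0-9]+$/ || f[2] + 0 < 1 || f[2] + 0 > 65535) {
                printf "line %d: bad port \"%s\"\n", NR, f[2] | "cat 1>&2"
                bad = 1; exit
            }
            out = (out == "" ? "" : out " ") (f[2] + 0)
        }
        END { if (bad) exit 1; print (out == "" ? "22" : out) }
    ' "$1"
}

# Print requested ports below 1024 other than 22: the well-known range,
# where another service (such as a web server on 80) may already listen.
shared_wellknown_ports() {
    ports=$(effective_ports "$1") || return 1
    out=""
    for p in $ports; do
        if [ "$p" -lt 1024 ] && [ "$p" -ne 22 ]; then
            out="${out:+$out }$p"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed sample mirroring the directives discussed above.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'GatewayPorts yes' 'Port 22' 'Port 80' \
    'Port 32022' > "$sample"
effective_ports "$sample"
shared_wellknown_ports "$sample"
rm -f "$sample"
```

On the server itself, running sshd -t checks the edited file for syntax errors before you restart.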
After you edit sshd_config and save it, you have to restart the ssh server in order for your changes to take effect. If you're making the changes while logged in on an ssh shell (i.e. somewhere other than in front of the computer running sshd) be aware that you may lose your connection when you restart (you should also read to the end of this post before restarting). I restart sshd like this:
ruby:/etc/ssh # /etc/init.d/sshd restart
Shutting down SSH daemon                                              done
Starting SSH daemon                                                   done
Once you've made the change and restarted, test your new configuration either from the console or another machine on your LAN. Supposing you used port 32022 you could test it locally like this:
