Dedicated IP for SSH access - how?

kory

Member
May 20, 2005
5
0
151
Howdy all. I moved to a new server and would like to use a dedicated IP strictly for SSH access. I've spent the last couple of hours on the forum searching (came across the excellent "Beginners for hardening servers" tutorial and have installed Chirpy's CSF with great success).

I was sure it had to do with configuring the sshd_config file, specifically the "ListenAddress" but I'm still able to SSH in via the primary server IP. I've already added an A entry for the domain for SSH access and see that it's reserved on the name server for that. Interestingly enough, the A name is using my old server's dedicated IP address for SSH when I try to add it in the new server. Might it be due to propagation delays?

If anyone has any advice on what I'm missing, I'd greatly appreciate it.

Thx much.

Regards,
Kory
 

kory

Member
May 20, 2005
5
0
151
Actually, I don't believe I had, jugo. However, because of what might be a possible propagation issue, SSH won't restart for me. Is there a way I can get to the sshd_config file from within WHM to make any changes?

Thx much for your reply.

Regards,
Kory
 

jayh38

Well-Known Member
Mar 3, 2006
1,213
0
166
kory said:
Actually, I don't believe I had, jugo. However, because of what might be a possible propagation issue, SSH won't restart for me. Is there a way I can get to the sshd_config file from within WHM to make any changes?

Thx much for your reply.

Regards,
Kory
If you changed the port to something other than 22, whm will report that ssh did not restart but it may be fine. However, if you are just locked out, you can try resetting it back to default port 22 by modifying and using this link in your browser

http://11.22.33.44:2086/scripts2/doautofixer?autofix=safesshrestart

One last note, install this when you get back into ssh. Thank yet again to Chirpy....

http://www.configserver.com/cp/cse.html
 
Last edited:

kory

Member
May 20, 2005
5
0
151
Wow, excellent suggestion, jayh38. I didn't even know that script existed, especially from via a web browser. Definitely one to bookmark. :)

Fortunately, I was able to get the server back up and running. In my sleep-deprived mode, I had discovered that DNS had propagated at home and that the new IP had been assigned to the SSH port, overriding the old server's IP address. So, I'm good to go.

Thx much to you all for the excellent suggestions!

Regards,
Kory
 

jayh38

Well-Known Member
Mar 3, 2006
1,213
0
166
No problem. One other suggestion, instead of waiting for propagation for something like that, use a local dns cache on your own computer instead of your internet providers. Or you can simply adjust your ethernet to use your webhosts dns to locally resolve and you would not have to wait on anything.

I like using treewalk
http://www.ntcanuck.com/
 

kory

Member
May 20, 2005
5
0
151
A local DNS cache. Excellent suggestion again! I had thought about the local HOSTS file on my workstation after the fact.

I'll definitely check out treewalk.

Thx again!

Regards,
Kory