
ssh on different port = timeout

Discussion in 'General Discussion' started by Paulblo, Jun 28, 2002.

  1. Paulblo

    Paulblo Member

    Hello,

    I have a problem using the feature:
    Dns Functions & Edit a DNS Zone

    Every time I run this function the ssh session times out trying to connect to my other name server.

    Here is why -
    I have my accounting/admin/primaryns server running ssh on a different port for security, so when I run the Edit a DNS Zone it tries to ssh to port 22 and times out. I am able to change most of all of the scripts but the "cpanel/whostmgr/bin/whostmgr" file is a binary and doesn't like to be edited.... :)

    I know it is not running on the right port because when I ps -ef this is what I get:

    root 12869 12868 0 02:47 ? 00:00:00 ssh -o Protocol 1,2 -q 64.79.167.6 ls /var/named > /root/.sshtmp

    and my logs say:

    Jun 28 02:58:15 web1 stunnel[12962]: 127.0.0.1.2086 connected from 207.227.102.11:64636
    Jun 28 02:51:32 web1 proftpd[12836]: web1.britehost.com (localhost[127.0.0.1]) - FTP login timed out, disconnected. Jun 28 02:59:52
    Jun 28 02:54:27 web1 stunnel[12861]: Connection closed: 4584 bytes sent to SSL, 459 bytes sent to socket

    Any tips on how I can get through this problem?

    Thanks,

    Paul:)
     
  2. itf

    itf Well-Known Member

    Change back to your standard SSH port or manually edit your DNS zones from
    /var/named/domain.com.db by using pico

    pico /var/named/domain.com.db
     
  3. Paulblo

    Paulblo Member

    Thanks

    I just used port forwarding using iptables... and it works like a charm!! ;) Thanks,

    Paul
     
  4. moronhead

    moronhead Well-Known Member

    Originally posted by Paulblo:

    > I just used port forwarding using iptables... and it works like a charm!! ;) Thanks,
    >
    > Paul

    Could you tell us how you did that?

    Thanks.
     
  5. Paulblo

    Paulblo Member

    WHM is on box1 which is 1.1.1.1
    Primary DNS Server is on box 2 which is 2.2.2.2 and also has ssh on an odd port.

    In my Firewall using IPtables I inserted the following lines (of course with my real IPs and SSH ports).

    #Here is the table that will only accept connections to port 22 from the ip 1.1.1.1
    /usr/sbin/iptables -I INPUT -j ACCEPT -p tcp -s 1.1.1.1 -d 2.2.2.2 --dport 22 -i eth1

    #Here we will forward the connections from 1.1.1.1 to another port (44).
    /usr/sbin/iptables -A PREROUTING -t nat -p tcp -d 2.2.2.2 --dport 22 -j DNAT --to 2.2.2.2:44


    The alternate/hidden ssh port is 44. Now my firewall is set up to forward the ssh connection from 22 if the ip 1.1.1.1 is making the request.

    Hope this helps,

    Paulblo :)
     
  6. moronhead

    moronhead Well-Known Member

    Thanks, very useful. :)

    What firewall have you got?
     
  7. Paulblo

    Paulblo Member

    Well all I use is iptables. It is a packet filtering option within the linux kernel. To get a better idea of what it does and how I would suggest going to http://netfilter.samba.org/ and http://www.linuxguruz.org/iptables/howto/iptables-HOWTO.html .

    To sum it up.. it is a program that allows you to filter packets (traffic/data) by protocol, source, destination, port and so on.

    Every box whether it is behind a hardware firewall or not should be running either ipchains or iptables or something similar to it to close unused ports and control basic traffic flow.

    Hope this helps! :)
     
  8. moronhead

    moronhead Well-Known Member

    We have both installed. I was wondering if those lines would work if placed in portsentry config (/etc/portsentry/portsentry.conf). Or can you tell exactly in which file you put them in?
     
  9. Paulblo

    Paulblo Member

    Yes and no.

    I would create a separate file and put it in the /etc/rc.d/ directory and add a line in your /rc.local to run it at bootup. The lines I showed you were only two lines, most iptables firewalls include at least 10-50 lines of tables.

    That way it is clean and separate. :)

    If you are going to play around with it I would suggest you leave a back door so you can get back in if it blocks you out. :) I learned the hard way and had to call my ISP to have them reboot my box once. :) I'll never do that again :)

    Paulblo
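    Added example, not code from the thread: a stand-alone script of the kind post 9 describes (one file under /etc/rc.d, run from rc.local) that applies the two rules from post 5 and arms the "back door" against locking yourself out. It assumes the placeholder values 1.1.1.1, 2.2.2.2, port 44 and eth1 from the thread; the IPTABLES variable lets you dry-run it with IPTABLES=echo. One caveat the thread's rules do not cover: nat/PREROUTING runs before filter/INPUT, so INPUT sees the translated port (44), not 22, and the DNAT itself should be limited to the WHM box's source address so that other hosts cannot reach the alternate port through 22.

```shell
#!/bin/sh
# Forward the WHM box's SSH-to-22 attempts to the real sshd port on the
# DNS box, only for that one source, and keep a timed flush as a safety net.
WHM_IP="${WHM_IP:-1.1.1.1}"                 # box1 (WHM), placeholder
NS_IP="${NS_IP:-2.2.2.2}"                   # box2 (primary DNS, this host), placeholder
ALT_PORT="${ALT_PORT:-44}"                  # port sshd really listens on
IFACE="${IFACE:-eth1}"
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"  # set IPTABLES=echo for a dry run

# Emit the rules, one per line, in the order they must be applied.
# 1) DNAT only packets from WHM_IP hitting port 22 onto ALT_PORT.
# 2) Accept the translated packets in INPUT (they now carry dport ALT_PORT).
# 3) Drop anything else that still arrives on 22 (untranslated sources).
ssh_forward_rules() {
    cat <<EOF
-t nat -A PREROUTING -i $IFACE -p tcp -s $WHM_IP -d $NS_IP --dport 22 -j DNAT --to-destination $NS_IP:$ALT_PORT
-A INPUT -i $IFACE -p tcp -s $WHM_IP -d $NS_IP --dport $ALT_PORT -j ACCEPT
-A INPUT -i $IFACE -p tcp --dport 22 -j DROP
EOF
}

# Run each rule through $IPTABLES; stop and return non-zero on the first failure.
apply_ssh_forward() {
    ssh_forward_rules | while read -r rule; do
        # word-splitting of $rule into separate arguments is intended
        "$IPTABLES" $rule || return 1
    done
}

# Lockout guard: after $1 seconds flush the chains we touched unless the
# admin has confirmed the session still works and killed the returned PID.
arm_lockout_guard() {
    secs="${1:-300}"
    ( sleep "$secs" && "$IPTABLES" -t nat -F PREROUTING && "$IPTABLES" -F INPUT ) &
    echo $!
}

# Typical use (root): apply rules, note the guard PID, test ssh from the WHM
# box, then `kill <pid>` to keep the rules; if locked out, wait for the flush.
if [ "${1:-}" = "--apply" ]; then
    apply_ssh_forward && arm_lockout_guard 300
fi
```

    Run the script once with IPTABLES=echo to review the exact commands before applying them for real.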
     
  10. moronhead

    moronhead Well-Known Member

    Originally posted by Paulblo:

    > Yes and no.
    >
    > I would create a separate file and put it in the /etc/rc.d/ directory and add a line in your /rc.local to run it at bootup. The lines I showed you were only two lines, most iptables firewalls include at least 10-50 lines of tables.
    >
    > That way it is clean and separate. :) ......
    >
    > Paulblo

    That's a good idea. Thanks.

    We keep the alternate SSH port above 10000 which usually makes it slightly less prone to detection.
     