ssh on different port = timeout

Paulblo

Member
May 10, 2002
Hello,

I have a problem using the feature:
Dns Functions & Edit a DNS Zone

Every time I run this function, the ssh session times out trying to connect to my other name server.

Here is why:
I have my accounting/admin/primary NS server running ssh on a different port for security, so when I run Edit a DNS Zone it tries to ssh to port 22 and times out. I am able to change most of the scripts, but the "cpanel/whostmgr/bin/whostmgr" file is a binary and doesn't like to be edited.... :)

I know it is not running on the right port because when I ps -ef this is what I get:

root 12869 12868 0 02:47 ? 00:00:00 ssh -o Protocol 1,2 -q 64.79.167.6 ls /var/named > /root/.sshtmp

and my logs say:

Jun 28 02:58:15 web1 stunnel[12962]: 127.0.0.1.2086 connected from 207.227.102.11:64636
Jun 28 02:51:32 web1 proftpd[12836]: web1.britehost.com (localhost[127.0.0.1]) - FTP login timed out, disconnected. Jun 28 02:59:52
Jun 28 02:54:27 web1 stunnel[12861]: Connection closed: 4584 bytes sent to SSL, 459 bytes sent to socket

Any tips on how I can get through this problem?

Thanks,

Paul:)
 

itf

Well-Known Member
May 9, 2002
Change back to your standard SSH port or manually edit your DNS zones from
/var/named/domain.com.db by using pico

pico /var/named/domain.com.db
 

Paulblo

Member
May 10, 2002
Thanks

I just used port forwarding using iptables... and it works like a charm!! ;) Thanks,

Paul
 

moronhead

Well-Known Member
Aug 12, 2001
Originally posted by Paulblo:

> I just used port forwarding using iptables... and it works like a charm!! ;) Thanks,
>
> Paul

Could you tell us how you did that?

Thanks.
 

Paulblo

Member
May 10, 2002
WHM is on box1 which is 1.1.1.1
Primary DNS Server is on box 2 which is 2.2.2.2 and also has ssh on an odd port.

In my firewall using iptables I inserted the following lines (of course with my real IPs and SSH ports).

# Accept connections to the real sshd port from 1.1.1.1 only. The filter/INPUT
# chain is checked after nat/PREROUTING has already rewritten the destination
# port, so this rule has to match 44, not 22, or it never matches anything.
/usr/sbin/iptables -I INPUT -j ACCEPT -p tcp -s 1.1.1.1 -d 2.2.2.2 --dport 44 -i eth1

# Rewrite port 22 to 44, but only for connections coming from 1.1.1.1, so
# port 22 stays closed for everyone else.
/usr/sbin/iptables -A PREROUTING -t nat -p tcp -s 1.1.1.1 -d 2.2.2.2 --dport 22 -j DNAT --to 2.2.2.2:44


The alternate/hidden ssh port is 44. Now my firewall is set up to forward the ssh connection from 22 if the ip 1.1.1.1 is making the request.

Hope this helps,

Paulblo :)
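The same redirect, written as an added example rather than Paulblo's own script: it generates the two rules as text so they can be reviewed (or diffed against what is running) before touching a live firewall, and it puts the nat rule first because nat/PREROUTING rewrites the port before filter/INPUT ever sees the packet. The addresses 1.1.1.1 / 2.2.2.2, port 44, interface eth1 and the function names are placeholders from this thread, not anything cPanel ships.

```shell
#!/bin/sh
# Added example (not code from the thread): "redirect port 22 to the real sshd
# port, but only for one trusted source", emitted as a reviewable rule list.
# Assumed placeholders: WHM box 1.1.1.1, DNS box 2.2.2.2, hidden sshd port 44,
# external interface eth1. Override any of them in the environment.
WHM_IP="${WHM_IP:-1.1.1.1}"
DNS_IP="${DNS_IP:-2.2.2.2}"
SSH_PORT="${SSH_PORT:-44}"
IFACE="${IFACE:-eth1}"
IPT="${IPT:-/usr/sbin/iptables}"

# Print the rules, one iptables command per line, in the order they apply.
# nat/PREROUTING rewrites the destination port before filter/INPUT sees the
# packet, so the INPUT rule must match the rewritten port ($SSH_PORT), not 22.
# Restricting the DNAT by source keeps port 22 closed for everyone else.
ssh_redirect_rules() {
    printf '%s -t nat -A PREROUTING -i %s -p tcp -s %s -d %s --dport 22 -j DNAT --to-destination %s:%s\n' \
        "$IPT" "$IFACE" "$WHM_IP" "$DNS_IP" "$DNS_IP" "$SSH_PORT"
    printf '%s -A INPUT -i %s -p tcp -s %s -d %s --dport %s -j ACCEPT\n' \
        "$IPT" "$IFACE" "$WHM_IP" "$DNS_IP" "$SSH_PORT"
}

# The inverse list (-A becomes -D), for taking the rules out again.
ssh_redirect_undo() {
    ssh_redirect_rules | sed 's/ -A / -D /'
}

# Feed the list to a shell with -e so a failing rule stops the run instead of
# leaving a half-applied set behind. Needs root on the DNS box.
apply_ssh_redirect() {
    ssh_redirect_rules | sh -e
}

# Usage: sh redirect.sh show | undo | apply
case "${1:-}" in
    show)  ssh_redirect_rules ;;
    undo)  ssh_redirect_undo ;;
    apply) apply_ssh_redirect ;;
esac
```

Worth knowing before reaching for NAT at all: the ps line earlier in the thread shows whostmgr running `ssh 64.79.167.6` as root, and OpenSSH reads root's ~/.ssh/config, so a `Host 64.79.167.6` stanza with `Port 44` on the WHM box would send that client to the right port without editing the binary or the firewall. The DNAT approach above is still the one to use when the client side cannot be touched.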
 

Paulblo

Member
May 10, 2002
Well, all I use is iptables. It is a packet filtering option within the Linux kernel. To get a better idea of what it does and how, I would suggest going to http://netfilter.samba.org/ and http://www.linuxguruz.org/iptables/howto/iptables-HOWTO.html .

To sum it up, it is a program that allows you to filter packets (traffic/data) by protocol, source, destination, port and so on.

Every box, whether it is behind a hardware firewall or not, should be running either ipchains or iptables or something similar to it to close unused ports and control basic traffic flow.

Hope this helps! :)
 

moronhead

Well-Known Member
Aug 12, 2001
We have both installed. I was wondering if those lines would work if placed in portsentry config (/etc/portsentry/portsentry.conf). Or can you tell exactly in which file you put them in?
 

Paulblo

Member
May 10, 2002
Yes and no.

I would create a separate file and put it in the /etc/rc.d/ directory and add a line in your /rc.local to run it at bootup. The lines I showed you were only two lines; most iptables firewalls include at least 10-50 lines of tables.

That way it is clean and separate. :)

If you are going to play around with it I would suggest you leave a back door so you can get back in if it blocks you out. :) I learned the hard way and had to call my ISP to have them reboot my box once. :) I'll never do that again :)

Paulblo
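An added example of the kind of standalone rc.d script described above, not Paulblo's own firewall: a short default-deny ruleset plus the "back door" done safely, as a timed rollback (iptables-save before, iptables-restore after N seconds unless you confirm) instead of a permanently open hole. The port 44, admin address 1.1.1.1, the DNS service and the function names are assumptions for this thread's setup.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal default-deny iptables script of
# the sort kept in /etc/rc.d and started from rc.local, with a timed rollback
# so a mistake cannot lock you out. Assumed placeholders: sshd on port 44,
# admin/WHM box 1.1.1.1, the box also serves DNS; everything else inbound drops.
IPT="${IPT:-/usr/sbin/iptables}"
SSH_PORT="${SSH_PORT:-44}"
ADMIN_IP="${ADMIN_IP:-1.1.1.1}"
SAVE="${SAVE:-/var/run/iptables.before-baseline}"

# Emit the rule set. Accept rules go in before the DROP policy is set so the
# session you are typing in survives the switch. (-m state is the old name;
# newer iptables also accepts -m conntrack --ctstate.)
baseline_rules() {
    cat <<EOF
$IPT -F INPUT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp -s $ADMIN_IP --dport $SSH_PORT -j ACCEPT
$IPT -A INPUT -p udp --dport 53 -j ACCEPT
$IPT -A INPUT -p tcp --dport 53 -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
$IPT -A INPUT -j LOG --log-prefix "INPUT drop: "
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
EOF
}

baseline_rule_count() {
    baseline_rules | wc -l | tr -d ' '
}

# The policy switch is the line that locks people out; expose it for checking.
baseline_final_policy() {
    baseline_rules | grep -- '-P INPUT' | tail -n 1
}

# Apply with a safety net: save the running tables, load the new set, and
# start a timer that restores the saved tables unless confirm_baseline runs
# first. If the new rules cut you off, wait out the timer and reconnect.
apply_baseline() {
    secs="${1:-120}"
    iptables-save > "$SAVE" || return 1
    baseline_rules | sh -e || { iptables-restore < "$SAVE"; return 1; }
    ( sleep "$secs" && iptables-restore < "$SAVE" ) &
    echo $! > "$SAVE.pid"
    echo "applied; run 'confirm_baseline' within ${secs}s to keep these rules"
}

confirm_baseline() {
    kill "$(cat "$SAVE.pid")" 2>/dev/null
    rm -f "$SAVE.pid"
}

# Usage: sh firewall.sh show | apply [seconds] | confirm
case "${1:-}" in
    show)    baseline_rules ;;
    apply)   apply_baseline "${2:-120}" ;;
    confirm) confirm_baseline ;;
esac
```

Run `show` and read the list before `apply`; the one-line check that matters is that the ESTABLISHED,RELATED accept comes before `-P INPUT DROP`, otherwise your own ssh session is the first thing dropped.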
 

moronhead

Well-Known Member
Aug 12, 2001
Originally posted by Paulblo:

> Yes and no.
>
> I would create a separate file and put it in the /etc/rc.d/ directory and add a line in your /rc.local to run it at bootup. The lines I showed you were only two lines; most iptables firewalls include at least 10-50 lines of tables.
>
> That way it is clean and separate. :) ......
>
> Paulblo

That's a good idea. Thanks.

We keep the alternate SSH port above 10000 which usually makes it slightly less prone to detection.