The Community Forums


ssh on different port = timeout

Discussion in 'General Discussion' started by Paulblo, Jun 28, 2002.

  1. Paulblo

    Hello,

    I have a problem using the feature:
    Dns Functions & Edit a DNS Zone

    Every time I run this function the ssh session times out trying to connect to my other name server.

    Here is why -
    I have my accounting/admin/primaryns server running ssh on a different port for security, so when I run the Edit a DNS Zone it tries to ssh to port 22 and times out. I am able to change most of the scripts, but the "cpanel/whostmgr/bin/whostmgr" file is a binary and doesn't like to be edited.... :)

    I know it is not running on the right port because when I ps -ef this is what I get:

    root 12869 12868 0 02:47 ? 00:00:00 ssh -o Protocol 1,2 -q 64.79.167.6 ls /var/named & /root/.sshtmp

    and my logs say:

    Jun 28 02:58:15 web1 stunnel[12962]: 127.0.0.1.2086 connected from 207.227.102.11:64636
    Jun 28 02:51:32 web1 proftpd[12836]: web1.britehost.com (localhost[127.0.0.1]) - FTP login timed out, disconnected. Jun 28 02:59:52
    Jun 28 02:54:27 web1 stunnel[12861]: Connection closed: 4584 bytes sent to SSL, 459 bytes sent to socket

    Any tips on how I can get through this problem?

    Thanks,

    Paul:)
     
  2. itf

    Change back to your standard SSH port or manually edit your DNS zones from
    /var/named/domain.com.db by using pico

    pico /var/named/domain.com.db
     
  3. Paulblo

    Thanks

    I just used port forwarding using iptables... and it works like a charm!! ;) Thanks,

    Paul
     
  4. moronhead

    Originally posted by Paulblo:
    > I just used port forwarding using iptables... and it works like a charm!! ;) Thanks,
    >
    > Paul
    Could you tell us how you did that?

    Thanks.
     
  5. Paulblo

    WHM is on box1 which is 1.1.1.1
    Primary DNS Server is on box 2 which is 2.2.2.2 and also has ssh on an odd port.

    In my Firewall using IPtables I inserted the following lines (of course with my real IPs and SSH ports).

    # Accept TCP connections from 1.1.1.1 to the real ssh port (44). The nat rule
    # below runs before INPUT, so by the time INPUT sees the packet its port is
    # already 44, not 22; a rule matching --dport 22 here would never match.
    /usr/sbin/iptables -I INPUT -j ACCEPT -p tcp -s 1.1.1.1 -d 2.2.2.2 --dport 44 -i eth1

    # Redirect connections from 1.1.1.1 that arrive on port 22 to port 44. The
    # -s 1.1.1.1 keeps the redirect limited to the WHM box; without it every host
    # on the network would have port 22 forwarded to the hidden port as well.
    /usr/sbin/iptables -A PREROUTING -t nat -p tcp -s 1.1.1.1 -d 2.2.2.2 --dport 22 -j DNAT --to 2.2.2.2:44


    The alternate/hidden ssh port is 44. Now my firewall is set up to forward the ssh connection from 22 if the ip 1.1.1.1 is making the request.

    Hope this helps,

    Paulblo :)
     
  6. moronhead

    Thanks, very useful. :)

    What firewall have you got?
     
  7. Paulblo

    Well all I use is iptables. It is a packet filtering option within the linux kernel. To get a better idea of what it does and how, I would suggest going to http://netfilter.samba.org/ and http://www.linuxguruz.org/iptables/howto/iptables-HOWTO.html .

    To sum it up.. it is a program that allows you to filter packets (traffic/data) by protocol, source, destination, port and so on.

    Every box, whether it is behind a hardware firewall or not, should be running either ipchains or iptables or something similar to it to close unused ports and control basic traffic flow.

    Hope this helps! :)
     
  8. moronhead

    We have both installed. I was wondering if those lines would work if placed in portsentry config (/etc/portsentry/portsentry.conf). Or can you tell exactly in which file you put them in?
     
  9. Paulblo

    Yes and no.

    I would create a separate file and put it in the /etc/rc.d/ directory and add a line in your /rc.local to run it at bootup. The lines I showed you were only two lines; most iptables firewalls include at least 10-50 lines of tables.

    That way it is clean and separate. :)

    If you are going to play around with it I would suggest you leave a back door so you can get back in if it blocks you out. :) I learned the hard way and had to call my ISP to have them reboot my box once. :) I'll never do that again :)

    Paulblo
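    The two rules from post 5 and the lock-out safety net from post 9, as an added example that is not a script from this thread: it generates the rules in corrected form (DNAT limited to the WHM box, INPUT accept matching the port the packet carries after DNAT) and applies them behind a timed automatic rollback. WHM_IP, NS_IP, REAL_PORT, IFACE, ROLLBACK_SECS and the function names are assumptions, not anything from the posts.

```shell
#!/bin/sh
# Added example, not a script from this thread. It builds the two rules from
# post 5 in corrected form (DNAT limited to the WHM box; INPUT accept matching
# the port the packet carries after DNAT) and applies them behind a timed
# rollback, the "back door" post 9 recommends. All names below are assumptions.
WHM_IP=${WHM_IP:-1.1.1.1}        # box running WHM (placeholder from the post)
NS_IP=${NS_IP:-2.2.2.2}          # primary DNS box whose sshd listens on REAL_PORT
REAL_PORT=${REAL_PORT:-44}       # the alternate sshd port
IFACE=${IFACE:-eth1}
ROLLBACK_SECS=${ROLLBACK_SECS:-120}

# Print the iptables commands, one per line, without running anything.
build_rules() {
  whm=$1; ns=$2; port=$3; ifc=$4
  # nat/PREROUTING is consulted before filter/INPUT, so rewrite 22 -> $port
  # here; -s keeps the redirect for $whm only, not for every host on the net.
  echo "iptables -t nat -A PREROUTING -i $ifc -p tcp -s $whm -d $ns --dport 22 -j DNAT --to-destination $ns:$port"
  # By the time INPUT sees the packet its dport is already $port, so match that.
  echo "iptables -I INPUT -i $ifc -p tcp -s $whm -d $ns --dport $port -j ACCEPT"
}

# How many generated rule lines contain the given text (used for checks).
count_rules_with() {
  build_rules "$WHM_IP" "$NS_IP" "$REAL_PORT" "$IFACE" | grep -c -- "$1"
}

# Save the ruleset, start a background restore timer, then apply. If the
# new rules cut you off, the timer restores the saved set; if they work,
# kill the timer within ROLLBACK_SECS to keep them. Needs root.
apply_with_rollback() {
  backup=$(mktemp) || return 1
  iptables-save > "$backup" || return 1
  ( sleep "$ROLLBACK_SECS" && iptables-restore < "$backup" ) &
  guard=$!
  if ! build_rules "$WHM_IP" "$NS_IP" "$REAL_PORT" "$IFACE" | sh -e; then
    kill "$guard" 2>/dev/null; iptables-restore < "$backup"; return 1
  fi
  echo "Rules applied. Run 'kill $guard' within ${ROLLBACK_SECS}s to keep them."
}

if [ "${1:-}" = "apply" ]; then apply_with_rollback; fi
```

    Run it as `sh script.sh` to only print the rules for review, and as root with `sh script.sh apply` to apply them with the rollback timer.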
     
  10. moronhead

    Originally posted by Paulblo:
    > Yes and no.
    >
    > I would create a separate file and put it in the /etc/rc.d/ directory and add a line in your /rc.local to run it at bootup. The lines I showed you were only two lines; most iptables firewalls include at least 10-50 lines of tables.
    >
    > That way it is clean and separate. :) ......
    >
    > Paulblo
    That's a good idea. Thanks.

    We keep the alternate SSH port above 10000 which usually makes it slightly less prone to detection.
     