18/11/2008

SSH port changes and the openSuSE firewall

Note to self - when changing the SSH port from default 22, keep in mind:
  • Change listening port in Webmin (port number > 1024 recommended)
  • Let Webmin handle the sighup (existing connections are kept)
  • No Webmin available: Change port in /etc/ssh/sshd_config (right where it says "Port"). It's easier just to restart (but all connections are killed)
    sudo /etc/init.d/ssh restart
    If you need a sighup (e.g. when you administer over ssh):
    $ sudo -s
    # ps -alxww | grep ssh
    # kill -HUP <process (3rd column) with 4th column "1">
  • YaST and firewall: YaST->Security and Users->Firewall->Allowed Services. Simply allowing SSH in the drop-down list is no use, as YaST automatically assumes port 22.
    Go to "Advanced..." and open the matching TCP and UDP ports.
  • Now I can't log in any more...: an ssh connection from the shell needs the -p option
    $ ssh -p <portnum> <username>@<IP>
    scp wants the -P option (capital P - can't they unify that?);
    other services like Unison (modify the profile files) or fish:// specify the port with <user>@<IP>:<port>
  • I want to mount a remote ssh share:
    sshfs -p <portnum> <username>@<IP>:<folder> <share>
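
The firewall step above can be checked by script before sshd is reloaded, so a mismatch does not lock you out. This is an added example, not part of the original note: it assumes the open TCP ports are stored in the FW_SERVICES_EXT_TCP variable of /etc/sysconfig/SuSEfirewall2, and the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Pre-flight check: is every sshd port also open in the firewall config?

# Print each port sshd will listen on; with no Port line sshd uses 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Succeed if TCP port $2 appears in FW_SERVICES_EXT_TCP of file $1,
# as a single number or inside a lo:hi range.
fw_allows_tcp() {
    list=$(sed -n 's/^FW_SERVICES_EXT_TCP="\(.*\)"/\1/p' "$1")
    for entry in $list; do
        case $entry in
            *:*) [ "$2" -ge "${entry%%:*}" ] && [ "$2" -le "${entry##*:}" ] && return 0 ;;
            *)   [ "$entry" = "$2" ] && return 0 ;;
        esac
    done
    return 1
}

# Report every sshd port; return non-zero if the firewall blocks any.
# $1 = sshd_config path, $2 = firewall config path (assumed locations:
# /etc/ssh/sshd_config and /etc/sysconfig/SuSEfirewall2).
check_ssh_port() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if fw_allows_tcp "$2" "$p"; then
            echo "ok: tcp/$p open, connect with: ssh -p $p <username>@<IP>"
        else
            echo "BLOCKED: tcp/$p missing from FW_SERVICES_EXT_TCP"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#Port 22' 'Port 2222' 'Protocol 2' > "$demo/sshd_config"
printf '%s\n' 'FW_SERVICES_EXT_TCP="80 443 2200:2299"' > "$demo/fw_good"
printf '%s\n' 'FW_SERVICES_EXT_TCP="ssh 80"' > "$demo/fw_bad"

check_ssh_port "$demo/sshd_config" "$demo/fw_good"
check_ssh_port "$demo/sshd_config" "$demo/fw_bad" ||
    echo "fix the firewall before reloading sshd"
```

The fw_bad sample mirrors the YaST drop-down case: the service name "ssh" only covers port 22, so the new port is reported as blocked.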

Most of the research by daWuzzzz.
