Enhanced security via non-standard ssh port?
I am using my Snow basestation as a NAT router, and I have a pass-through to my machine for ssh. This is working fine now. However, I got to thinking that there is value in changing the ssh public port to a non-standard port, like 14038 and routing that to my mac's private port of 22. Doing so, however, merely breaks my ability to log in (note that I have updated my ssh client to point to the new ssh port of 14038).
Does ssh burp on any port other than 22? Do others have a positive experience running this? Might my ISP (earthlink) be blocking non-standard IP ports?
With much gratitude,
Kyle
I sold the Snow basestation -- so the question is moot now.
Similar Messages
-
Http probe on non-standard tcp port 8021
I've configured http probe on standard port 80 with no issue. I'm now trying http probe on non-standard tcp port 8021, confirmed with packet capture to confirm that the CSM is indeed probing, status code 403 is returned but the reals are showing "probe failed". Am I missing something? Thank you in advance.
CSM v2.3(3)2
probe 8021 http
 request method head
 interval 2
 retries 2
 failed 4
 port 8021
serverfarm TEST
 nat server
 no nat client
 real 10.1.2.101
  inservice
 real 10.1.2.102
  inservice
 probe 8021
vserver TEST
 virtual 10.1.2.100 tcp 8021
 serverfarm TEST
 replicate csrp connection
 persistent rebalance
 inservice
VIP and real status:
vserver type prot virtual vlan state conns
Q_MAS_8021 SLB TCP 10.1.2.100/32:8021 ALL OUTOFSERVICE 0
real server farm weight state conns/hits
10.1.2.101 TEST 8 PROBE_FAILED 0
10.1.2.102 TEST 8 PROBE_FAILED 0
You need to specify what HTTP response code you expect.
The command is :
gdufour-cat6k-2(config-slb-probe-http)#expect status ?
<0-999> expected status - minimum value in a range
The default is to expect only 200.
This is why your 403 is not accepted.
Gilles. -
JRE ignores proxy setting for connections to non-standard web ports
Hi,
I've noticed that JRE would not use the proxy settings if the application tries to connect to a web address on a non standard http port. If port 80, 443, 8080 etc is used, the proxy is used but if it's something like 32938 it's not. Is there any way to disable this behaviour and just have the proxy used for all HTTP traffic, regardless of destination port? Below is a trace snippet that shows the behaviour.
guistyle/1049 (signed jarfile)
Browser Java version 1.7.0_67
in Explorer 5 +
on NT-based Windows
network: Connecting https://www.123.com/guistyle/*JEMSEC11424340585918 with proxy=HTTP @ /10.10.12.11:3128
Using port: 43856
network: Connecting http://www.123.com:43856/ with proxy=DIRECT
Socket connection failed: java.net.ConnectException: Connection timed out: connect
Attempting tunneled connection
network: Connecting http://www.123.com:80/*TGD=CS/*EVENT=*JEMTUNNEL/1353036962/response.txt with proxy=HTTP @ /10.10.12.11:3128
TNLRCV unknown block start=null
network: Connecting http://www.123.com:80/*TGD=CS/*EVENT=*JEMTUNNEL/1353036962/response.txt with proxy=HTTP @ /10.10.12.11:3128
network: Connecting http://www.123.com:80/*TGD=CS/*EVENT=*JEMTUNNEL/1353036962/response.txt with proxy=HTTP @ /10.10.12.11:3128
TNLRCV unknown block start=null
Receive failed
Unable to make TCP/IP connection
End guistyle (startup failed)
basic: Applet initialized
basic: Starting applet
basic: completed perf rollup
basic: Applet made visible
basic: Applet started
basic: Told clients applet is started
Hi,
I still get the same error:
[12/Nov/2007:14:34:50] failure (16473) rsdts.mycomp.com: for host i78473.mycomp.com trying to GET http:/lidip/, service-http reports: HTTP7765: error reading response header (Server closed connection)
And:
Bad Gateway
Processing of this request was delegated to a server that is not functioning properly.
I don't get any logs on the other side... -
Connect to non standard ftp port
Hi ,
Is it possible for PI to connect to non standard ftp port to pick files using ftp adapter??
How about non standard ftp servers?
Hi Teja,
> Is it possible for PI to connect to non standard ftp port to pick files using ftp adapter??
According to my knowledge it is possible, you have to mention that port in the communication channel.
> How about non standard ftp servers?
Refer to the links below
http://www.nsoftware.com/kb/tutorials/biztalkftpadapter.aspx
http://wikis.sun.com/display/JavaCAPS/SunAdapterfor+Batch-FTP
Regards
Ramesh -
How To Configure non-standard SMTP port
My ISP has blocked port 25. I have a service that will deliver mail to the port of my choosing. How do I configure Leopard Server to listen on a non-standard SMTP port? 2525 for example.
Also, I assume all I have to do on my Airport Express is set up NAT to take external port 2525 and point it to the private address of my email server on port 2525. Is this correct?
Thanks,
-ernie
Assuming such is offered, look to acquire a business-class ISP service level, and move on to the next issue? The business-class services typically provide static IP address(es), opens up server ports, and sets up DNS and ISP-side server connections for your hosts. And you can call your ISP or other assistance when your network craters; non-standard connections are (as you've found) harder to support.
One subtlety here: in a number of cases, simply having a business-class service means you're supported by a different group within (larger) ISPs. This can be a significant advantage at times, given that the scripts and tools and such that are available for the business group will be rather more targeted than the scripts that are available for the residential services group at the ISP.
There are a number of folks that have sought and have tried this (try a few Google searches for SMTP and non-standard port), and it mostly works. But it is fragile, and tends to be derailed when something goes weird, or when the ISP spots and shapes or blocks the server traffic.
Also check your ISP's terms of service here, lest your network pipe be subject to summary disconnection.
The other option is to VPN or tunnel into a co-lo or dedicated server or a virtual hosting service; to run your servers or virtual servers somewhere without firewalls blocking the standard ports. -
Using non-standard sshd port after 10.8 upgrade
After spending hours tracking down this solution as a result of losing my ssh settings after the upgrade to Mountain Lion, I thought it might be useful to post the steps taken to restore the configuration I used with Snow Leopard.
Changing the sshd default listening port
Disclaimer: This tutorial is specific to Mountain Lion (OS X 10.8). I was able to accomplish this using Snow Leopard (OS X 10.6) in fewer steps, but upgrading required this more involved solution.
Steps:
1.) You must first enable the root user account in order to change the relevant files. This can be done from the terminal, or by going to System Preferences --> Users & Groups. Once there, click on 'Login Options' at the bottom of the Current User list, and 'Join' where it says 'Network Account Server'.
This will bring up a smaller window. Click on 'Open Directory Utility' at the bottom. You will be prompted for your admin password. Now go to the 'Edit' tab at the top of the screen and toggle down to 'Enable Root User'. You will be prompted to enter your admin password twice.
2.) Log out of your regular user account. At the log in screen you will now see an additional entry for 'other'. Click on that and log in with the username 'root' and your admin password. If you are inexperienced as a root-level user, be careful as you can cause problems to your system that can be difficult to undo.
Once in your root account, the first step is to create a new 'service definition' in the etc/services file. Open the file with text editor of choice and scroll to the current entry for sshd listening port, which will look like this:
ssh 22/udp # SSH Remote Login Protocol
ssh 22/tcp # SSH Remote Login Protocol
Overwrite the '22' with the port number you would like sshd to listen on:
ssh 12345/udp # SSH Remote Login Protocol
ssh 12345/tcp # SSH Remote Login Protocol
*12345 being our hypothetical, non-standard port.
It is important to note that the new port number will not take by simply adding a new uncommented line to the file (I tried), unless of course you comment the original ssh entries. Easiest way is just to overwrite what is there already. Save changes.
3.) You now need to edit the ssh.plist file, which is located at /System/Library/LaunchDaemons/ssh.plist. A word to those familiar with Linux/BSD environments: changing the default port in the sshd_config file, which exists in OS X, does NOT change the listening port. Simply changing the default port, saving the config file, and restarting the server (the sensible way) won't work. The OS X sshd server (openssh) is configured to get launch instructions from the ssh.plist file, as opposed to sshd_config. If you are more interested in this aspect of OS X, read up on LaunchDaemons (e.g. launchd).
Before altering the ssh.plist file, you should save a backup copy in case of mistakes, or if you need to revert back to it in the future. Name your backup file something like original.ssh.plist, etc.
In the ssh.plist file, locate the SockServiceName entry and change it from the default:
<key>SockServiceName</key>
<string>ssh</string>
To the following:
<key>SockServiceName</key>
<string>$alternate port number</string>
In our example from above this value would be 12345.
4.) Save your changes, and exit ssh.plist. You now need to move the backup file you created (original.ssh.plist) out of the System/Library/LaunchDaemons path.
The updated sshd port will not take until you have only one ssh.plist file in the LaunchDaemons directory - this has to do with how launchd is configured to load files which is outside the scope of the current discussion. (*If you've found a way around this, please share.)
5.) Restart the sshd server. Easiest way to accomplish this is going to System Preferences --> Sharing and clicking off 'Remote Login', then clicking back on it.
6.) Test the configuration by logging into the machine running the sshd server from another host using:
ssh username@ipaddress -p 12345
There are a few good tutorials out there that capture some of these steps, but many are dated and/or incomplete. If you are running a standard setup of OS X 10.8, this should work for you.
Of course, don't be fooled into thinking that changing the default listening port from the ubiquitously-probed 22 equates to actual security. At best, it will cut down on the number of dubious connection attempts and probing.
Hi all, above helped me change the sshd port number, thank you very much.
Just upgraded to OS X 10.9.3 on my macbook pro.
My findings were:
Step 1(become a root user or sudo)
Step 2 (/etc/services)
This may not be required unless you want ssh to work without the "-p XXXX" option to connect to other ssh hosts. I favor such as "ssh -p 2222 user@hostname" just to be sure I know what I am doing and also to leave ssh known port as its default "22".
Step 3 (/System/Library/LaunchDaemons/ssh.plist)
This is required if you want to change the sshd port number, I changed both "ssh" to "2222" in this file.
Step 4 (launchctl)
Below is a must as I understood:
launchctl unload /System/Library/LaunchDaemons/ssh.plist
launchctl load /System/Library/LaunchDaemons/ssh.plist
it should be already working with the new port number.
You can "ssh -p 2222 user@localhost" in the console terminal and see if it's working.
Since I am no expert on MacOS X, and it is a macbook pro that I am using, I also rebooted the system and changes were reflected permanently.
Thank you guys! -
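An added example, not part of the original posts: a small checker that reports which port each socket in a launchd job would bind, given the two files the steps above edit. It assumes launchd resolves SockServiceName the way getaddrinfo(3) does (a numeric string is used directly, a name is looked up in /etc/services, first matching line wins); the plist and services text are constructed samples and the function names are hypothetical.

```python
import plistlib

# Constructed sample: a trimmed launchd job in the shape of ssh.plist.
SAMPLE_PLIST = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.openssh.sshd</string>
  <key>Sockets</key>
  <dict>
    <key>Listeners</key>
    <dict>
      <key>SockServiceName</key><string>{service}</string>
    </dict>
  </dict>
</dict>
</plist>
"""

# Constructed sample: the two ssh lines of /etc/services.
SAMPLE_SERVICES = """\
ssh {port}/udp # SSH Remote Login Protocol
ssh {port}/tcp # SSH Remote Login Protocol
"""


def parse_services(text, proto="tcp"):
    """Map service name -> port for one protocol, ignoring comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, _, line_proto = fields[1].partition("/")
        if line_proto == proto and port.isdigit():
            for name in [fields[0]] + fields[2:]:   # name plus aliases
                table.setdefault(name, int(port))   # assumption: first entry wins
    return table


def listener_ports(plist_bytes, services_text):
    """Return {socket name: port or None} for every listener in the job."""
    job = plistlib.loads(plist_bytes)
    services = parse_services(services_text)
    result = {}
    for name, spec in job.get("Sockets", {}).items():
        entries = spec if isinstance(spec, list) else [spec]
        for entry in entries:
            svc = str(entry.get("SockServiceName", ""))
            # Numeric value: used as the port. Name: resolved via services.
            result[name] = int(svc) if svc.isdigit() else services.get(svc)
    return result


if __name__ == "__main__":
    cases = {
        "default install": ("ssh", 22),
        "services edited only": ("ssh", 12345),
        "plist edited only": ("2222", 22),
    }
    for label, (service, port) in cases.items():
        ports = listener_ports(SAMPLE_PLIST.format(service=service).encode(),
                               SAMPLE_SERVICES.format(port=port))
        print(f"{label}: {ports}")
```

A result of None means the service name in the plist has no tcp entry in the services text, so the job has no port to bind.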
Mailserver using non-standard smtp port
how do i set SMTP to accept connections on a non-standard port (i.e. 2525 or something)?
i'm running a mail server and my residential isp (comcast) after ten years of peaceful coexistence decided that they need to block port 25. so i am setting up a commercial store/forward mail relay service. all i need to do is set up my snow leopard server to accept incoming connections on a port other than 25. sounds easy. it is mentioned in the docs thusly:
"By default SMTP is enabled on port 25. If port 25 is blocked in your environment,
you need to change the port SMTP uses."
... but that's all i can find. specifically, it doesn't say exactly how to change the port.
any help appreciated.
following up to my own post. hoping this info may be useful for others who face the same issue who are running a server and then having email ports blocked by their ISP's.
i worked around this by signing up for a mail relay service (i use the one provided by dnydns.com). they forward incoming mail for my domain over a nonstandard port.
since i never received an answer to my question about how to make SnowLeopardServer email server accept SMTP connections on other ports, i simply used port mapping in my router (Airport Extreme) to redirect this port (i used 2525) on my WAN address to port 25 on my server - an acceptable workaround.
i also did the same port redirection for the other "standard alternative" smtp ports, 465 and 587.
since my ISP blocks port 25 in both directions, i also needed to find a work-around for outgoing mail as well. previously, my mail server simply forwarded to my ISP's smtp server (using the default port 25). here the Server Admin interface worked but with one "trick": under Mail>Settings>General, i left the box for "Relay outgoing mail through host:" checked, and in the field there i put "[smtp.myispdomain.net]:587" (that is with square brackets, and a colon, but no double-quotes - and of course, use your own smtp server's domain name). afaik this is not documented anywhere in the apple-provided docs, but i found the corresponding docs for postfix, and reverse-engineered it.
so now i can read (via IMAP) and send (via SMTP) mail from my home server, both when i am on my LAN and when i am accessing remotely, and effectively work around the bi-directional block of port 25 imposed by my ISP.
i'd still like to know if there is a method of configuring smtp to accept connections on ports other than 25. i can see how to do it by editing /etc/postfix/master.cf, but afaik that file gets overwritten by Server Admin... -
L550/010 USB port not working properly, non-standard USB ports
I'm wondering if anyone can shed some light on this strange problem I'm having with my laptop USB ports.
Background.
I have a USB device (CED-M2 USB Chronograph). The device comes with Windows 7 software to upload fps readings.
The CED has a calculator style keyboard - so you can lookup data without the laptop.
My L550 PSLWSA-01000Q, is running Windows 7 professional.
Problem.
When I connect the CED into the USB port the buttons on the CED no longer operate. As soon as the USB lead is disconnected the buttons work. Uploading the data doesn't work either. The buttons freeze occurs as soon as I plug into a powered USB port (even if user not logged into Windows and programs are not running).
I've installed the upload program onto two PC's at home (Vista Home and Windows 7 Home) and both PC's connect to the CED and upload fine. Furthermore, the CED push buttons works perfectly! So, this leads me to think that the hardware or signals from the laptop USB ports is not standard.
I've tried all three laptop ports (e-Sata/USB and normal USB ports), same problem.
Any ideas what could be causing this problem?
Hi Jerry
Firstly, thanks for responding.
All L550/010 USB ports appear to work well on other devices (Sierra Wireless card, HP optical mouse, HTC phone), doesn't matter which port (USB, Esata/USB) all works fine with these units.
I've tried connecting the Chrono via a USB 4 port expander - same problem, no comms, chrono buttons locks up. Connect to Home PC running Vista Home and Windows 7 Home and works fine - just can't take those to the range.
The Chrono unit is self powered (9V Alkaline) and it's new, so USB supplied 5V is not a problem.
The buttons seize whenever the laptop is powered up. Also, if the chrono unit is powered down, connecting the USB lead to the laptop turns it on (wakes up). This wake up functions on both home desktop PC's and laptop (good), however, with the laptop I can't power down the Chrono as the buttons don't work.
Whilst laptop connected, and rebooting the Laptop, the Chrono buttons will work just before the Press F2 for setup screen comes up - so could it be electrical.
I've downloaded the latest BIOS from Toshiba and Intel chipset too - no change.
I got the unit to connect once tonight - when I plugged my mouse in at the same time - USB configured for mouse, and whilst doing that the Chrono worked. Once mouse working, Chrono stopped. Can't repeat results. -
Alert emails to a non standard SMTP port
Is it possible to configure LiveCycle ES 8.2 to send its alert emails to an SMTP server on a non standard port? In the AdminUI there is a field for the server but not for the port.
Thanks,
Hi Jon
Sorry, I thought we were talking about Task Notifications not Administrator Notifications.
Changing the port in the Email Notifications process will work for Task Notifications.
Administrator Notifications use the Java mail default, which is port 25 unless otherwise specified on your system.
Are you using the JBoss Turnkey?
if so, you can try this:
1. Navigate to C:\Adobe\LiveCycle8.2\jboss\server\all\deploy
2. Locate the properties-service.xml file.
3. uncomment the following block and set the property as follows:
<!--
| Set raw properties file style properties. -->
<attribute name="Properties">
smtp.mail.port =<your port #>
</attribute>
4. You don't need to restart JBoss.
The only downside is that this is now the smtp port for that server and any other apps on that server.
If you can live with that, it's an easy workaround.
Diana -
We have a non-Windows server running Cold Fusion and two separate websites. One uses the standard HTTP port, the other one uses a different port. How do you get Cold Fusion to recognize the second port in addition to the first port?
Hi,
It inserts this header in HTTP which normally listens on 80. Even though HTTP is listening on any different port, we should be able to insert the header. This should work fine.
Regards,
Kanwal
Note: Please mark answers if they are helpful. -
SPA3102 Non-standard SIP port in dial plan
Hi, a VoIP provider uses port 5068 instead of standard 5060. I tried to use it in the dial plan of SPA3102, but failed. Using another provider that uses standard 5060 port I've narrowed down the problem to the following:
This one works:
(7495x.<:@sipnet.ru;usr="xxx";pwd="xxx";nat="yes">)
Adding a SIP port prevents it from working: (7495x.<:@sipnet.ru:5060;usr="xxx";pwd="xxx";nat="yes">)
Can anyone give any clues how to specify a port in the dial plan?
Message Edited by V_l_a_d on 06-21-2008 06:45 AM
As far as I know you just have to change the port.
(S0 < :userid@spa2_WAN_EXTERNAL_IP:5061 >)
< 011852,: >xxxxxxx< :@gw.macau-tel.com:5080;usr=Joe;pwd="90f-fkd";nat=yes > -
SCSM setup with non-standard SQL port
Trying to install SCSM 2012R2 management server, and the SQL server I need to use is listening on port 5500 instead of the standard one. For internal reasons I don't think I can change this.
Is there a way to get the install to pick this up properly?
Currently it doesn't find the instance at all...
Thanks.
No sig is a good sig
Hi Andrew,
unfortunately the ports from SCSM Management server (and DW) to the SQL server are not configurable, so it has to be TCP: 1433
http://technet.microsoft.com/en-us/library/hh495567.aspx
Quote: "As part of your security infrastructure, you may want to keep track of port numbers that are used throughout your System Center 2012 – Service Manager environment. And while, in this release, these port numbers are not configurable" -
How to set non-standard SFTP Port
I'm using Contribute 3.0, and there doesn't seem to be a way to set the port number when using SFTP. Every other program that I've used to connect to our SFTP server lets me change the port from the standard 22 to the arbitrary number our IT guys have chosen.
Is there any way to do this in version 3.0? Will I be able to set the port if I upgrade to CS3?
Have you tried something like this:
ftp.mysite.com:81
Maybe this is a nice document for your tech guys:
http://help.adobe.com/en_US/Contribute/4.1_CPS/ContributeCS3Help-Deploying.pdf -
ACS 5.5 SFTP repository non-standard TCP port
is it possible to change the TCP port in a SFTP repository from 22 to something different ?
like this is not working
repository sftp1
url sftp://10.10.0.8:22222/user1
user user1 password hash bc14bc179d2708cc31cbc22ee6a679cd22c095a1
There is not much information inside the defect. We've been seeing different customer's experiencing this issue.
Symptom:
SFTP stops working after upgrading to ACS 5.5
Conditions:
once we upgrade to ACS 5.5
Workaround:
NA
Try this one, this should work
https://tools.cisco.com/bugsearch/bug/CSCum93359/?reffering_site=dumpcr
Regards,
Jatin
**Do rate helpful posts** -
ACE30/4710 - will x-forwarded-for work for non standard HTTP Ports?
Can I use x-forwarded-for on an ACE30 or ACE4710 to pass source IP details if my web service isn't using Port 80 or 443? Will it work satisfactorily for HTTP running on other ports (e.g. Port 8080)?
Hi,
It inserts this header in HTTP which normally listens on 80. Even though HTTP is listening on any different port, we should be able to insert the header. This should work fine.
Regards,
Kanwal
Note: Please mark answers if they are helpful.