IOS Zone firewall (ZFW) & changing SSH listening port

I'll have to check into the details again but I recall there being a way to change the listening port for SSH. Not only do you have to configure SSH itself to listen on a new port but I think there was something about making the inbound interface part of a rotary group or something.
Anyway, my question is more about how the zone firewall reacts to this. If I have inspect (or pass) set for SSH and yet change the default port for it, does the IOS still know to take the configured action on the protocol? I'll try to test this myself once I have an opportunity but may not be able to for several days; plus, if anybody has anything further to add regarding any other implications this port change might have, please share.
Thanks! 

Hi Julio,
You are ever helpful sir. However, things are not making sense.
Ok so to take it from the top. So far I have done the following:
Router(config)#ip ssh port 2340 rotary 1
Then:
Router(config)#line vty 0 123 (123 = max # of vty lines, my actual # is different)
Router(config-line)#rotary 1
This of course does not make SSH on port 2340 work from the Internet zone to Self as I have not yet modified the firewall nor done the ip port-map command. It does work from the LAN side to Self since that zone-pair is more forgiving, however, it works on both 22 and 2340 which I thought odd since I thought the ip ssh command changes the SSH server listening port.
I have not yet permanently set the ip port-map command. However, I ran it once and then did a sh ip port-map ssh.
This showed system defined ssh port maps for tcp and udp on 22, and then my user defined one for tcp port 2340. Interesting that the system-defined ones are both UDP and TCP - I thought SSH was TCP only.
According to the IOS command references (for release 15.2), I should not be able to remove the system-defined port map entries as it would give an error. However, I did no ip port-map ssh port tcp 22 and the same for the UDP entry and they disappeared, so now for sh ip port-map ssh I get no results returned. Yet, SSH still works on 22 and 2340.
Be that as it may, after some further testing I've concluded that with or without use of the ip port-map ssh port tcp 2340 entry, SSH works (from LAN to Self) on either port 22 or 2340. It seems ip port-map has no effect on the SSH server itself (?). Or perhaps PAM is overridden by the ip ssh commands?
So at that point I decided to stop testing, not doing anything with the firewall yet, until I understand things better. So far, the IOS is very confusing in its behavior.
Changing the SSH server's listening port via ip ssh command to something other than 22 seems to not actually change anything, it just adds that port in addition to 22.
Port-application mapping appears to have no effect on the SSH server (I have not tested whether ip ssh overrides PAM or vice versa).
So far there seems to be no way to actually change port 22 usage - even "deleting" the PAM entry for ssh via 22 has no effect.
Confusing!
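An added configuration example, not taken from the post above or from Cisco documentation, showing one way to tie the rotary port into the zone firewall's self-zone policy. The interface name, zone name, ACL name, class-map and policy-map names are assumptions. The point it illustrates is the separation the poster ran into: an ip port-map entry only changes how the firewall classifies traffic for match protocol ssh; it never changes what the SSH server listens on. The class below therefore matches the alternate port with an explicit ACL instead of relying on a PAM entry. Port 22 remains available on the router, as observed above; this zone-pair policy simply does not admit it from the OUTSIDE zone, so the LAN-to-self behaviour is unchanged.

```cisco
! Added example; interface, zone, ACL and class names are assumptions.
! Same rotary setup as in the post: tcp/2340 is mapped to rotary group 1
ip ssh port 2340 rotary 1
!
line vty 0 4
 rotary 1
 transport input ssh
!
! Classify the alternate port explicitly; no ip port-map entry is needed
ip access-list extended ACL-SSH-ALT
 permit tcp any any eq 2340
!
class-map type inspect match-all CM-SSH-ALT
 match access-group name ACL-SSH-ALT
 match protocol tcp
!
! Self-zone policy for traffic arriving from OUTSIDE: only tcp/2340 is
! inspected; tcp/22 is not listed, so it falls into class-default and is
! dropped on this zone-pair. Any other traffic the router itself must
! accept from OUTSIDE (routing protocols, IPsec, ICMP) needs its own class.
policy-map type inspect PM-OUTSIDE-TO-SELF
 class type inspect CM-SSH-ALT
  inspect
 class class-default
  drop log
!
zone security OUTSIDE
!
interface GigabitEthernet0/0
 zone-member security OUTSIDE
!
zone-pair security ZP-OUTSIDE-SELF source OUTSIDE destination self
 service-policy type inspect PM-OUTSIDE-TO-SELF
```

Had the class used match protocol ssh instead, the user-defined ip port-map ssh port tcp 2340 entry from the post would have been required so that the firewall treats tcp/2340 as SSH; even then it would only affect classification, not the server. To confirm what is actually being admitted, show policy-map type inspect zone-pair ZP-OUTSIDE-SELF sessions lists the inspected sessions per class, and show ip port-map ssh shows which ports the firewall currently associates with the ssh application. Older releases that only support pass (not inspect) on self-zone policies also need a matching pass policy on the self-to-OUTSIDE zone-pair for the return traffic; the release the post refers to (15.2) supports inspect here.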

Similar Messages

  • Changing the listening ports of ARD

    I know how to change the listening port of SSH from 22 to some other number.
    Is there any way to configure ARD (in plist maybe?) so that it can try connecting to SSH on a non-default port number.
Whilst I know how to secure SSH (not properly secured in OS X by default) I would rather change its listening port to avoid the traffic that will simply try to brute-force in.
So if I edit ssh_config and sshd_config on my Macs will this break ARD? Or if these conf files are properly edited (ssh_config on client changed to port 22222 and sshd_config on server changed to 22222) will ARD connect seamlessly?
    In short does ARD absolutely need Remote Login (SSH) to be running on the default port 22?

Hmm okay, but I don't need to port forward 22 from my router to my Mac to allow ARD access, only ports 5900, 5988 and 3283.
    That improves things since 22 is not visible to the WAN.
    Still, I'd like to know the answer to my question in the previous post.
    And what about re-mapping VNC from 5900 (another obvious target although prob not vulnerable to VNC exploits since I expect Apple have modified this service and somehow hooked it into the authentication of the ssh protocol)?
    Message was edited by: doz

  • How to change the listener port number on a standby database

I want to change the listener port number from 1525 to 1545, which is running on a standby database.
I did the following steps and got some errors.
1. I stop the listener and modify listener.ora
2. I log in to the standby DB and issue 'alter system set local_listener='(address=(pro=tcp)(host=10.10.10.10)(port=1545))';'
3. I log in to DG broker and issue 'edit database 's1' set property 'LocalListenerAddress'='(address=(pro=tcp)(host=10.10.10.10)(port=1545))';' and an error comes out: ORA-16703: cannot set the property while the database is enabled
4. Then I disable the database
DGMGRL> disable database 'ssmscs';
5. DGMGRL> edit database 's1' set property 'LocalListenerAddress'='(address=(pro=tcp)(host=10.10.10.10)(port=1545))';
Error: ORA-16541: site is not enabled
Configuration details cannot be determined by DGMGRL
What can I do? Can anybody help me out? Thanks in advance.
    Edited by: user1835127 on Nov 19, 2008 2:09 AM

Hi
You have to edit the following files in $ORACLE_HOME/network/admin or $TNS_ADMIN/:
In your listener.ora on your standby:
MQ_LIST =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = superman.dk)(PORT = 1524))
      )
    )
  )
TNSNAMES.ORA (on your primary and standby):
MQ_LIST =
  (DESCRIPTION =
    (ADDRESS = (COMMUNITY = tcp.world)(PROTOCOL = TCP)(Host = superman.dk)(PORT = 1524))
    (CONNECT_DATA = (SID = MQ_LIST))
  )
After that do
lsnrctl reload

  • Problem when I tried to change weblogic listen port from 7001 to 80

Hi! I have a problem when I tried to change the WebLogic listen port from 7001 to 80. When I changed from 7001 to 7777 then all works ok! But why not on 80? With Apache all works ok on 80 too.
I restarted my WebLogic server and then got the following errors.
<2009.1.4 16:02:13 EEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
2009.1.4 16:02:14 oracle.as.jmx.framework.PortableMBeanFactory setJMXFrameworkProviderClass
INFO: JMX Portable Framework initialized with platform SPI "class oracle.as.jmx.framework.wls.spi.JMXFrameworkProviderImpl"
2009.1.4 16:02:15 oracle.adf.share.config.ADFConfigFactory cleanUpApplicationState
INFO: Cleaning up application state
<2009.1.4 16:02:22 EEST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<2009.1.4 16:02:22 EEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<2009.1.4 16:02:22 EEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<2009.1.4 16:02:22 EEST> <Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
<2009.1.4 16:02:22 EEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "Default". The address 85.254.224.235 might be incorrect or another process is using port 80: java.net.BindException: Address already in use: JVM_Bind.>
<2009.1.4 16:02:22 EEST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>
<2009.1.4 16:02:22 EEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "Default[2]". The address 127.0.0.1 might be incorrect or another process is using port 80: java.net.BindException: Address already in use: JVM_Bind.>
<2009.1.4 16:02:22 EEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "Default[1]". The address 192.168.0.102 might be incorrect or another process is using port 80: java.net.BindException: Address already in use: JVM_Bind.>
<2009.1.4 16:02:22 EEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<2009.1.4 16:02:22 EEST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<2009.1.4 16:02:22 EEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
2009.1.4 16:02:22 oracle.adf.share.config.ADFConfigFactory cleanUpApplicationState
INFO: Cleaning up application state
2009.1.4 16:02:22 oracle.adf.share.config.ADFConfigFactory cleanUpApplicationState
INFO: Cleaning up application state
Best regards!

    Debuger,
    It does not matter which WLS version I am using (although I'm using 10.3, the one that comes with JDev 11g).
    The problem is that SOME OTHER PROCESS on your machine is listening on port 80. Guess you need to go to the Microsoft forums to find out how you can tell what that OTHER, NOT WLS process is.
    John

  • Changing OPMN listen port

    Hi,
I have changed the opmn listen port in the opmn.xml file and I am able to start OBI components from the command line, but in Enterprise Manager it still remembers the old 9501 port. As a result I can't manage BI components from EM. Can anyone help me with this?
    Thanks

Check this link; it may help you:
http://skrajend.blogspot.com/2011/03/obiee-11g-managing-ports.html
Please mark if it helps.

  • Changing SSH default port from 22 to 8080

    Hi all,
I have deployed SSH on my home Solaris 10 x86 machine and it was working fine through the default port 23.
But the problem is that I can't connect to it from work as the firewall blocks outgoing SSH traffic. So I want to change the default port from 23 to 8080.
I changed the value of Port in /etc/ssh/sshd_config.
Then I ran the command
/usr/lib/ssh/sshd -f /etc/ssh/sshd_config
because as far as I know from the man pages it will cause the daemon to reread the configuration file, thus the new value for the port, but still it didn't work.
Also I tried the command
/usr/lib/ssh/sshd -p 8080
but that didn't work either.
I tried to restart the ssh daemon after both commands but still the same result.
Would anyone please help me with this issue as I still don't have much experience in Solaris.
Thanks in advance.

Ok, so I installed lsof, but when I ran that command I got this output:
bash-3.00# lsof -M | grep 8080
sshd 1085 root 3u IPv6 0xd43e21c0 0t0 TCP *:8080 (LISTEN)
It seems that sshd is occupying port 8080 but I still can't log in from a remote machine.
When I try, it asks me to enter the username and then displays a message "Using keyboard-interactive authentication", then asks for the password. When I enter the password it gives me "Access denied" although I am sure this is the right password.
When I try to connect to port 22 things go fine and I can log in with the same user "root" with no problems (I know accessing remotely using root is not secure but that is not the problem for the moment).
So I did this:
ps -ef | grep ssh
root 1085 1 0 19:05:07 ? 0:00 /usr/lib/ssh/sshd
root 1093 1 1 19:05:51 ? 0:00 /usr/local/sbin/sshd
Note that the PID for the process grabbing the port is the same as for /usr/lib/ssh/sshd,
so is that the ssh daemon or is it /usr/local/sbin/sshd?
Please advise. Note that I am not experienced in Solaris so please take it easy with me.
Thanks

  • Changing the listener port number in a cluster environment

    Hello,
    I have an Oracle 10g database on a Windows cluster environment with Oracle Fail safe. I am trying to change the default listener port number - these are the steps I have done to change the port number:
    1) Take the listener offline via Oracle Fail safe
    2) stop the original listener from the command line
    3) change the port number in the listener.ora file & save
    4) start the original listener
    5) bring the listener online in Fail safe
    6) register the listener in the database with ALTER SYSTEM SET LOCAL_LISTENER....
After all this, when I check the status of the listener via lsnrctl, I see that the new port number is used; however in the Fail Safe administrator, I still see the default port 1521. How do I go about changing the port number so that Fail Safe also registers the change?

    I did troubleshooting to verify the group, but this just changed the port number back to the default in the listener.ora & tnsnames.ora.
So I did all the steps again to change the port number from the default to another. Via lsnrctl status, I see that the new port number is being used, I can also log in to the database via Toad using the new port number, and in v$parameter I see that the local_listener is registered on the new port number. Only under the Fail Safe manager, the port number (under listener parameter) has not changed; it still shows the default port number. Anyone know how to change this?

  • Changing the Listener Port Number

    Hi RACers,
    I need to change the TNS listener port number from the default of 1521 (don't ask!).
    I'm on Solaris10/Oracle10g 10.2.0.3 using a 2 node cluster.
    I've tried editing the relevant files, bouncing everything and re-starting CRS, but that doesn't work. I tried using Netca to delete the listener and re-create it with a different port number and that didn't work either. The instances did not re-register despite having their local_listener parameter changes.
    Obviously I'm doing something wrong, but don't know what. Any ideas or do you know where a procedure to do this is documented?
    Thanks in advance.

    My posting was not aimed at the OP at all.. not his fault that Oracle insists on using a TCP port that's NOT registered for Oracle use.
    It is all Oracle's fault that port 1521 is used instead of 1527.
As for what Oracle books say... bah humbug. Means nothing in terms of playing by the same networking rules as everyone else.
    Port 1527 is what is registered for and by Oracle as use for Oracle tcp traffic. Not fricken port 1521!
    And why is this a problem?
    If you're in the network business and deal with everything and anything from network analysis and management to rewriting ToS bytes for proper DiffServ application.. then it is very frustrating to find a major company like Oracle ignoring the networking rules.
    I read that as Oracle telling us "screw you".

  • ACS 4.1 change Radius listen port

    In ACS 3.3 it was possible to specify the radius listen port with registry keys:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.3\CSRadius]
    "AuthenticationPort"=dword:0000064e
    "AccountingPort"=dword:0000064f
    "AuthenticationPortNew"=dword:0000064c
    "AccountingPortNew"=dword:0000064d
    This does not work anymore in version 4.1.
    Does anyone know how to change the radius listen port in version 4.1 ?
    Thanks,
    Gerard van Bon

    In 4.x all registry config was moved into the sql anywhere db.
If you can get hold of the SQL Anywhere dev kit to get the DB edit app AND know your ACS database password and then can find the value in the table structure... then yes, you could change the RADIUS listen port.

  • Trying to change Oracle listener port 1521 to nodefault port on Oracle RAC

Could somebody please help me in the process of changing the Oracle listener port 1521 to a non-default port on an Oracle RAC environment. I have a total of four instances.
    Regards.

Please read carefully about the LOCAL_LISTENER parameter; you shouldn't put just the hostname there....
Another way to do so is to statically register the database SID in the listener. You should do it in the listener.ora file; please read the documentation carefully. Otherwise you can use the netca utility, which can make the configuration for you properly.

  • How do I change the listener port for APEX on XE

    Hi all,
    I did a default install of XE onto a Linux box which is my DMZ server. The default port for the listener is 8080, however I have since found that port 8080 is the port for proxy servers and therefore I cannot access APEX on my DMZ site from behind a client's proxy server.
Is there a simple way to change the listener to port 80 for access to APEX?
    Many thanks
    Bryan

    Hi Bryan,
    See http://download.oracle.com/docs/cd/B25329_01/doc/admin.102/b25107/network.htm#BHCBABJB
    Hope this helps,
    Andrew
    http://www.apexskins.com

  • Multiple SSH listening ports on Catalyst switches

    Hi community,
On Cisco Routers you have the option to configure multiple SSH ports (instead of the default tcp 22) in combination with rotary groups. Then, attach these rotary groups to specific VTY lines. This works just fine.
But it seems that on Cisco switches you cannot define different SSH ports. The command Router(config)#ip ssh port portnum rotary group is not available. You can use the rotary statement on the VTY lines, but this works only for Telnet connections.
    Does anyone know, if it's possible to use the rotary groups on switches with SSH? The goal which I am trying to achieve is, I want to use multiple AAA method lists, and define these under specific VTY lines. That way, I am able to designate specific users, connecting from specific IP addresses, on a dedicated VTY line, with a custom AAA method list.
    Any help is much appreciated!
    Kind regards,
    Dion Dohmen

    Hi,
    I am currently using 12.2(58)SE2 on the 3560.
    Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)
    I downgraded my IOS to check if it's still supported for the 3560 on 12.2(55)SE1 and it's not.
    XXX uptime is 1 minute
    System returned to ROM by power-on
    System restarted at 14:38:50 GMT Tue Jul 29 2014
    System image file is "flash:/c3560-ipservicesk9-mz.122-55.SE1.bin"
    XXX(config)#ip ssh ?
      authentication-retries  Specify number of authentication retries
      dscp                    IP DSCP value for SSH traffic
      logging                 Configure logging for SSH
      precedence              IP Precedence value for SSH traffic
      source-interface        Specify interface for source address in SSH
                              connections
      time-out                Specify SSH time-out interval
      version                 Specify protocol version supported
    XXX(config)#ip ssh
    I then upgraded to 12.2(55)SE9 and it's still not supported.
    XXX uptime is 1 minute
    System returned to ROM by power-on
    System restarted at 14:47:49 GMT Tue Jul 29 2014
    System image file is "flash:/c3560-ipservicesk9-mz.122-55.SE9.bin"
    XXX(config)#ip ssh ?
      authentication-retries  Specify number of authentication retries
      dscp                    IP DSCP value for SSH traffic
      logging                 Configure logging for SSH
      precedence              IP Precedence value for SSH traffic
      source-interface        Specify interface for source address in SSH
                              connections
      time-out                Specify SSH time-out interval
      version                 Specify protocol version supported
    XXX(config)#ip ssh
    I would recommend that you upgrade but I don't see any point unfortunately.
    Thanks,
    Nehmaan

  • Changing listening port for SSH on IDS

    What command would I use to change the listening port on a 4200 series IDS? I have it listening on another port, and when I applied the S189/S190 update, it changed SSH back to port 22.
    Just out of curiosity too, does anyone know what else the S189/S190 updates change?
    Thanks,
    Jim

    After looking around, I think it may be the /etc/ssh/sshd_config file that needs to be modified. However, I wanted to double check that with the community. If I modify that file and restart ssh, will I mess anything up and lock myself out of remote access?
    Thanks!!

  • RDP listening port needs to be changed on one client PC - can't connect via Anywhere Access

We have a setup with Server 2012 Essentials and 10 workstations. We have set up Anywhere Access and it is working fine. We have one system (Windows 7 Pro) on the network running AADS Server (used to be called XP Unlimited). This allows several users to log on to that PC remotely at once as well as someone local using it. This PC needs to be changed from the default 3389 port due to the new AADS Server version requiring it. Whenever we change the listening port we cannot remote desktop into this PC. It is available in Remote Web Access Portal but just sits trying to connect. We have allowed the new connection in the Windows Firewall and even turned the firewall off as a test with no luck.
    My question is, can we change the default 3389 port connection that the Server redirects you to for one PC on the network? If not how do you change in the Server to look at another local port for RDP once in the portal?
    Thanks, Jason

    Hi Jboy,
    Can you navigate to HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Control, Terminal Server, WinStations and RDP-Tcp.  Right click on the PortNumber dword and select Modify.  Change the base to Decimal and enter a new port between 1025 and 65535
    that is not already in use. Finally click OK.
    http://support.microsoft.com/kb/306759
    Thanks,
    Umesh.S.K

  • How Do You Change the Remote Desktop Listening Port in Win 8.1 Pro

I am trying to set up two Win 8.1 Pro computers for Remote Desktop access on my local network. I can get Remote Desktop working fine on both when they are using the default RD port 3389. I am unable to change the listening port on one of the computers so that I can access either via a public Internet connection. I change the listening port in the Registry, reboot the computer and verify that the port number has been changed BUT the computer still responds to the old port 3389 and can't connect via the new port number. I added a Firewall rule for the new port, but that did NOT solve the problem.
I have followed the procedure below and verified in the Registry that the port is changed but the Remote Desktop remains accessible only on the default port 3389. The new port number in the Registry is 39699. I used a network scanner and it shows the computer is still listening on port 3389 for Remote Desktop connections. Why is Win 8.1 Pro ignoring the new port number in the Registry and still responding on 3389? Is there another place in Win 8.1 Pro that the port also needs to be changed? I also added a new rule in the Firewall to allow incoming requests on port 39699. This is a very frustrating problem; any suggestions are greatly appreciated.
I followed the procedure shown below.
Hi,
Based on my test, we can change the listening port for Remote Desktop.
To change the port that Remote Desktop listens on, follow these steps.
1. Start Registry Editor.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
3. On the Edit menu, click Modify, and then click Decimal.
4. Type the new port number, and then click OK.
5. Quit Registry Editor.
6. Restart the computer.
Meanwhile, please note: type the new integer port number between 1025 and 65535 in the PortNumber text box.
    And make sure the new port number is not in use by other application.
    We may use the command below to check the result.
    netstat -a
    Also, we can use Network Monitor to trace the port.
    Microsoft Network Monitor 3.4
    Regards,

    Hi,
There are two items that should be modified to change the default 3389 port:
One is: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]. Modify the PortNumber to the one you want.
The other is: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]. Modify the PortNumber to the one you want.
In your case, you missed the first one.
    Regards
    Wade Liu
    TechNet Community Support
