7

I am running CentOS release 6.2 (Final).

I want sshd to listen on ports 22 and 1022.

I have added the following lines to /etc/ssh/sshd_config:

Port 22
Port 1022

and restarted sshd and turned iptables off; however, I cannot connect to sshd on port 1022.

Even if I do the following

#Port 22
Port 1022

sshd continues listening on port 22 and does not listen on port 1022. I have tried other port values besides 1022 but no luck.

Help!

user1172468

3 Answers

13

If you were using CentOS 5 the configuration you describe does work but a quick test suggests that sshd on CentOS 6 won't bind to any port below 1023 except 22 - I can't find a reference for this at the moment. If you want to access sshd on multiple ports then pick one >=1024.


Update - this is related to SELinux. Current policy doesn't allow sshd to bind to non-standard ports below 1023 (as experiment confirms), e.g.

semanage port -l | grep 22
ssh_port_t                     tcp      22

If you want to add an additional port <=1023 you will have to explicitly allow it in SELinux

semanage port -a -t ssh_port_t  -p tcp 1022
semanage port -l | grep 22
ssh_port_t                     tcp      1022, 22

then restart sshd

netstat -tnlp
tcp      0    0 0.0.0.0:22          0.0.0.0:*             LISTEN      25376/sshd
tcp      0    0 0.0.0.0:1022        0.0.0.0:*             LISTEN      25376/sshd
user9517
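
A check for the SELinux restriction described in this answer, as an added example that is not part of the original post: it lists the `Port` values in an sshd_config that are missing from the `ssh_port_t` line of `semanage port -l` output. The function names and the sample input are constructed for illustration, and `Port` directives are assumed to be whitespace-separated.

```shell
#!/bin/sh
# Added example: find sshd Port directives that SELinux has not labelled ssh_port_t.

# Print the ports an sshd_config asks for, one per line.
# Keywords are case-insensitive; with no Port line sshd listens on 22.
config_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Print the tcp ports labelled ssh_port_t in saved `semanage port -l` output,
# expanding ranges such as 2200-2205.
selinux_ssh_ports() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            gsub(",", "", $i)
            n = split($i, r, "-")
            lo = r[1] + 0
            hi = (n == 2 ? r[2] : r[1]) + 0
            for (p = lo; p <= hi; p++) print p
        }
    }' "$1"
}

# Print configured ports that are absent from the ssh_port_t label.
# $1 = sshd_config path, $2 = file holding `semanage port -l` output.
unlabelled_ports() {
    allowed=$(selinux_ssh_ports "$2")
    for port in $(config_ports "$1"); do
        printf '%s\n' "$allowed" | grep -qx "$port" || echo "$port"
    done
}

# Constructed sample input: the question's config and the answer's
# semanage output before port 1022 was added.
demo=$(mktemp -d)
printf 'Port 22\nPort 1022\n' > "$demo/sshd_config"
printf 'ssh_port_t                     tcp      22\n' > "$demo/ports"
for p in $(unlabelled_ports "$demo/sshd_config" "$demo/ports"); do
    echo "port $p lacks ssh_port_t; fix: semanage port -a -t ssh_port_t -p tcp $p"
done
rm -rf "$demo"
```

On a real host, save `semanage port -l` to a file and pass it together with /etc/ssh/sshd_config; each port reported can then be labelled with the `semanage port -a` command from the answer.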
0

With the demise of CentOS, I thought it might be helpful to link the solutions in the Red Hat Customer Portal for configuring multiple SSHD services on different ports (i.e., have a different port for third-party vendors to connect on a non-standard port).

Please note: The RHEL links only showed changing the port, but not all the other SSH hardening techniques used

From this CentOS article above, it was smart to change the "PidFile": `PidFile /var/run/sshd-another.pid`

RHEL LINKS:

LINK : https://access.redhat.com/solutions/1166283 2nd SSHD on RHEL7/8

LINK : https://access.redhat.com/solutions/63129 2nd SSHD on RHEL5/6

SSH HARDENING TIPS:

LINK : dev-sec.io/baselines/ssh

  • If you have a new question, please ask it by clicking the [Ask Question](https://serverfault.com/questions/ask) button. Include a link to this question if it helps provide context. - [From Review](/review/late-answers/508197) – neofutur Jan 06 '22 at 21:23
0

This is basically not recommended but anyway this is achievable.

cp /etc/ssh/sshd_config /etc/ssh/sshd_config-another

Edit the sshd_config-another file and assign a different port number and PID file.

Port 1022
PidFile /var/run/sshd-another.pid

Now run,

ln -s /usr/sbin/sshd /usr/sbin/sshd-another
cp /etc/rc.d/init.d/sshd /etc/rc.d/init.d/sshd-another

Open the new init script and make changes accordingly.

# config: /etc/ssh/sshd_config-another
# pidfile: /var/run/sshd-another.pid
[ -f /etc/sysconfig/sshd-another ] && . /etc/sysconfig/sshd-another
prog="sshd-another"
SSHD=/usr/sbin/sshd-another
PID_FILE=/var/run/sshd-another.pid

Create the /etc/sysconfig/sshd-another file.

OPTIONS="-f /etc/ssh/sshd_config-another"

Separate PAM configuration.

ln -s /etc/pam.d/sshd /etc/pam.d/sshd-another

Restart the service.

service sshd restart
service sshd-another restart

Chkconfig it.

chkconfig --add sshd-another
chkconfig sshd-another on
Soham Chakraborty
  • Hi Iain, can you point me to the documentation please. I must have been overlooking things then. – Soham Chakraborty Dec 24 '12 at 13:04
  • 1
    Look up the Port directive in man sshd_config. – user9517 Dec 24 '12 at 13:13
  • 4
    This answer is interesting but is an answer to a different question, which would be: can I run two different `sshd` instances with two different configs? And you're writing how to do it. This is useful in particular when some server has to ensure continuity of a ssh service which was served by another machine with another private server key. – Stéphane Gourichon Nov 21 '15 at 19:01