HPE Community
Operating System - OpenVMS
1753465 Members
4617 Online
108794 Solutions
New Discussion юеВ

How To Change SSH Listener Port?

 
SOLVED
Go to solution
Rick Dyson
Valued Contributor

тАО11-13-2007 04:36 AM

тАО11-13-2007 04:36 AM

How To Change SSH Listener Port?

I want to use a port different than 22 to keep the daily thousands of brute force login attempts by hackers from pounding on my SSH door.

PSC's SSH for OpenVMS was easy to change by editing the server config file. I am now trying to do the same for HP's TCPIP for OpenVMS v5.4 ECO 6 (soon to be ECO 7). The obvious (to me) place is in the "SSHD2_Config." file where the "Port" parameter is stored. No Joy. Apparently this does not contol the port.

The TCPIP$Config seems to be hard coded to create the service on port 22. I have also looked into direct changes with
$ TCPIP Set Service SSH /Port=xxx
but even though TCPIP reports the service is listening on xxx, it is not and is still on port 22.

I did find a passing reference in the manual I could find about a job/process logical name, TCPIP$SSH_AGENT_PORT, but it was not clear to me how to use it.

Any ideas or suggestions?
0 Kudos
10 REPLIES 10
EdgarZamora
Trusted Contributor

тАО11-13-2007 05:32 AM

тАО11-13-2007 05:32 AM

Re: How To Change SSH Listener Port?


Did you disable then re-enable the service?
0 Kudos
Rick Dyson
Valued Contributor

тАО11-13-2007 05:47 AM

тАО11-13-2007 05:47 AM

Re: How To Change SSH Listener Port?

Yes. I disabled, deleted and then created from scratch (modeled on command in TCPIP$Config) a new SSH service:

$tcpip set service ssh /port=xxxx/prot=tcp/flag=tcpip/user=tcpip$ssh -
/process=tcpip$ssh /file=tcpip$system:TCPIP$SSH_RUN.COM -
/limit=10000 /reject=message="TCPIP SSH Connection refused" -
/log=(file:tcpip$ssh_device:[tcpip$ssh]tcpip$ssh_run.log, all)

I also had "SSHD2_Config." set with "Port xxxx" and made a system logical
Define/System TCPIP$SSH_Agent_Port xxxx

After all that, I used TCPIP$SSH_Startup and checked to find that the SSH server still was listening on Port 22.

Rick
0 Kudos
EdgarZamora
Trusted Contributor

тАО11-13-2007 06:54 AM

тАО11-13-2007 06:54 AM

Re: How To Change SSH Listener Port?

After you disable the service, do a

TCPIP SET NOSERVICE SSH

then do your TCPIP SET SERVICE SSH /PORT=nnnn blah blah

then do TCPIP ENABLE SERVICE

Worked for me.

0 Kudos
EdgarZamora
Trusted Contributor

тАО11-13-2007 07:39 AM

тАО11-13-2007 07:39 AM

Solution

Re: How To Change SSH Listener Port?

Attached is a log of what I did. Don't forget to edit the config file too.

Edgar
0 Kudos
Rick Dyson
Valued Contributor

тАО11-13-2007 08:14 AM

тАО11-13-2007 08:14 AM

Re: How To Change SSH Listener Port?

Thanks! I will look it over. I thought I had stopped, disabled, deleted and removed the service yesterday before starting on the alternate port. Maybe I missed a step and did not get the old config cleared out.

I am also going to upgrade to ECO 7 first. There are a lot of SSH-related fixes. So I want to get caught up and then make changes. :)

I will have to wait until I am able to get in front of this test box. I only have SSH into it remotely, so it is hard to change config and restart!

Rick
0 Kudos
Rick Dyson
Valued Contributor

тАО11-13-2007 08:26 AM

тАО11-13-2007 08:26 AM

Re: How To Change SSH Listener Port?

Edgar,

I see from your log that you got the appearance of it working. I too had the SSH service reporting it was listening on port xxxx. However, when I actually tried to connect to it, nothing responded until I hit port 22.

Can you confirm that the box you changed in your log capture, actually worked to respond to an incoming SSH connection on port 2222 and NOT on 22?

rick
0 Kudos
EdgarZamora
Trusted Contributor

тАО11-13-2007 08:39 AM

тАО11-13-2007 08:39 AM

Re: How To Change SSH Listener Port?

Rick,

I created a Smarterm SSH session to the VMS system. I used port 2222 and it works. I also attached a log of show device_sockets while I was logged in through ssh.

0 Kudos
EdgarZamora
Trusted Contributor

тАО11-13-2007 08:41 AM

тАО11-13-2007 08:41 AM

Re: How To Change SSH Listener Port?

And just to be sure, I did another SSH session using the default port and it didn't work.
0 Kudos
Rick Dyson
Valued Contributor

тАО11-13-2007 08:41 AM

тАО11-13-2007 08:41 AM

Re: How To Change SSH Listener Port?

Excellent! Thanks!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.