Solved

Problems with OpenSSH on Windows - Cannot change Port number from 22 to 443

Posted on 2006-10-24
Last Modified: 2008-01-09
Hello,

I've installed OpenSSH for Windows on my home-machine (XP) in order to get a VNC connection via Secure SSH tunnel to this machine. The client I use is PuTTY.
As long as I can use the port 22 everything works fine. But sometimes my client PuTTY is behind a firewall and only the ports 80 or 443 are possible to use. Thus I tried to change the port of my OpenSSH Server from 22 to 443. I edited the sshd_config file (not ssh_config!) and changed the port number from 22 to 443. After that I restarted the OpenSSH Server. The result is that I don't get a connection on port 443 but still on port 22!! I assume that OpenSSH doesn't care about the entry in the sshd_config file and is still listening to port 22. Where is the place to change the port for OpenSSH?

Thanx a lot in advance!
Question by:new_user_xyz
5 Comments

Expert Comment

by:rllynch
ID: 17796015
It should be changed in sshd_config using the Port option.  You can also add additional ports using ListenAddress in sshd_config.  I believe something like "ListenAddress :443" would do the trick.

If OpenSSH is ignoring the Port line, is it possible when OpenSSH was launched, that the -p command line argument was supplied?  That would override the Port option with whatever port was supplied on the command line.  It won't override ListenAddress though, so adding a ListenAddress line to sshd_config might be the easiest fix.

Author Comment

by:new_user_xyz
ID: 17796193
thanx for the prompt answer!

I checked it out theoretically (because I've no access to my home machine right now *g*) but I think you can only specify an IP address with the ListenAddress option, not a port number. But I'll check it out in practice later and let you know what happened.

I tried to launch OpenSSH with the -p command line argument in order to specify port 443:

net start openSSH -p 443

but this is not a known command.

Accepted Solution

by:rllynch (earned 200 total points)
ID: 17796496
I'm pretty sure ListenAddress works with either ports and/or addresses.  Here's the relevant man page passage:

ListenAddress
        Specifies the local addresses sshd should listen on.  The follow-
        ing forms may be used:

              ListenAddress host|IPv4_addr|IPv6_addr
              ListenAddress host|IPv4_addr:port
              ListenAddress [host|IPv6_addr]:port

        If port is not specified, sshd will listen on the address and all
        prior Port options specified.  The default is to listen on all
        local addresses.  Multiple ListenAddress options are permitted.
        Additionally, any Port options must precede this option for non
        port qualified addresses.

I think the host/IP address is optional for both the second and third form, even though it doesn't indicate so on the second form, but if sshd doesn't like "ListenAddress :443", then try "ListenAddress 0.0.0.0:443".  This should bind sshd to port 443 on all of your network interfaces.

As for the command line options, they need to be specified when the OpenSSH service was installed.  They can't be specified when you do a "net start".  For instance, if you installed the OpenSSH service using cygrunsrv, you'd specify the OpenSSH arguments using the cygrunsrv -a argument.  Uninstalling, then reinstalling the OpenSSH service with different arguments might also fix the port number, but would be a little more involved.

Author Comment

by:new_user_xyz
ID: 17797911
The problem was the following:

I always opened the sshd_config file with the Notepad editor and the newline is not recognized in Notepad. The whole content is displayed in one big line. For that reason I didn't realize that there is a '#' at the beginning of almost every line including the line with the port number. This time I opened the config with WordPad, which displays the content in lines, and I realized at once what the problem is. I deleted the '#' at the beginning of the line and ...... ;-)
It's ok if I give you 200 points as a thank you for the time you spent with my question?

Expert Comment

by:rllynch
ID: 17798826
Sure, 200 points is fine.  Good to hear you got things working.
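
An added example, not part of the original thread and not OpenSSH's own code: a small Python audit that reports which address/port pairs an sshd_config actually requests, treating '#' lines as inactive and applying the ListenAddress/Port rule from the man page excerpt quoted above. The sample config, the function names and the DEFAULT_PORT constant are assumptions made for illustration.

```python
import re

# Constructed sample (not from the thread): LF-only line endings, Port line
# edited to 443 but still commented out, as the asker describes.
SAMPLE = "#Port 443\n#Protocol 2\n#ListenAddress 0.0.0.0\nPermitRootLogin no\n"
DEFAULT_PORT = 22  # sshd's built-in default when no Port option is active

def parse_listen_address(value):
    """Split a ListenAddress value into (host, port or None), per the quoted forms."""
    m = re.fullmatch(r"\[([^\]]+)\](?::(\d+))?", value)   # [host|IPv6_addr]:port
    if m:
        return m.group(1), int(m.group(2)) if m.group(2) else None
    if value.count(":") == 1:                             # host|IPv4_addr:port
        host, port = value.split(":")
        return host, int(port)
    return value, None                                    # bare host or address

def audit(text):
    """Return (listeners, commented, lf_only) for sshd_config contents."""
    ports, listeners, commented = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):   # copes with LF and CRLF
        line = raw.strip()
        words = line.lstrip("#").split(None, 1)
        if len(words) < 2 or words[0].lower() not in ("port", "listenaddress"):
            continue
        key, value = words[0].lower(), words[1].split()[0]
        if line.startswith("#"):                          # inactive: sshd ignores it
            commented.append((lineno, key, value))
        elif key == "port":
            ports.append(int(value))
        else:
            host, port = parse_listen_address(value)
            # No port given: pair the address with every Port seen so far.
            pairs = [port] if port else (ports or [DEFAULT_PORT])
            listeners += [(host, p) for p in pairs]
    if not listeners:                                     # default: all local addresses
        listeners = [("*", p) for p in (ports or [DEFAULT_PORT])]
    lf_only = "\n" in text and "\r\n" not in text         # shows as one line in old Notepad
    return listeners, commented, lf_only

if __name__ == "__main__":
    listeners, commented, lf_only = audit(SAMPLE)
    print("effective listeners:", listeners)
    for lineno, key, value in commented:
        print(f"line {lineno}: '{key} {value}' is commented out")
    print("LF-only line endings:", lf_only)
```

Comparing the reported listeners with what the machine really has open (for example with netstat -an) also exposes the other cause raised in the thread, a port fixed by a command-line argument stored when the service was installed.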