openssh : using Port statement in ssh_config - SSH


  1. openssh : using Port statement in ssh_config

    I am trying to create several restricted back doors on a server via
    OpenSSH_4.2p1, OpenSSL 0.9.8 05 Jul 2005... (sol 9) - named system1

    in short, openssh is installed and works fine on port 22. User
    restriction is configured by AllowUsers entries.

    I have created ssh_config.it and sshd_config.it files (for use by the
    IT department). These files are all but the same as the non suffixed
    files, aside from tweaks for the Port, which for testing purposes is
    set to 33 for the IT dept ssh config. I also have a startup script
    that runs sshd with the sshd_config.it file nominated. User
    restriction is also configured by AllowUsers entries.

    This is repeated on a second system. (system2)

    sshd daemons have been HUP'd on both systems.

    To test this I created a dummy user "bill" who was added to the
    allowusers entry on the "far" system for the IT config.

    I can show that a straight "ssh -l bill system1" from system2 fails as
    we would expect attempting to use standard port 22 as bill is not an
    allowed user in the configuration file.

    I can show that "ssh -p 33 -l bill system1" from system2 connects
    successfully i.e. it uses port 33 and thus connects to the sshd daemon
    that uses sshd_config.it which has its Port statement using port 33.

    So - next step was to instead of using the "-p" option to instead use a
    ssh_client.it file with "Port 33" defined... (long story). A "man
    ssh" shows ..

    -F configfile
            Specifies an alternative per-user configuration file. If a
            configuration file is given on the command line, the system-wide
            configuration file (/etc/ssh/ssh_config) will be ignored. The
            default for the per-user configuration file is ~/.ssh/config.
    .... (in fact taken from the openssh website)

    However, "ssh -F /usr/local/etc/ssh_config.it -l bill system1" from
    system2 fails.. the log error is

    "User bill from 145.233.112.149 not allowed because not listed in
    AllowUsers".

    i.e. although the Port statement is set to 33 in the ssh_config.it file
    stipulated with the -F command line option it possibly isn't actually
    using the port 33 to make the ssh connection.
    This has been shown to be likely as if bill is made an AllowedUser in
    system1's ssh_config file then everything connects fine.

    The above is the same whether I issue commands as root, or bill. It
    also makes no difference if I alter the permissions on the
    ssh_config.it file from the original 600 to 644 (although as bill the
    file cannot be read otherwise of course). Neither does it matter if
    the port is defined in /etc/services or not.

    It would appear that a non-"standard" port (ie not 22) cannot thus be
    stipulated via the ssh_config file ... there are possible other
    indicators of this as another system can happily ssh to other boxes
    even though IT's ssh_config file has Port set to 2345 (and no servers
    use this as their ssh port!).


    can I verify that

    - the supposition is correct
    - that either -F does not work OR I have confused its use!
    - the only way to use an alternative port is to use the -p command line
    option

    cheers

    ian


  2. Re: openssh : using Port statement in ssh_config

    On 2005-12-08, didds wrote:
    [..]
    > It would appear that a non-"standard" port (ie not 22) cannot thus be
    > stipulated via the ssh_config file ... there are possible other
    > indicators of this as another system can happily ssh to other boxes
    > even though IT's ssh_config file has Port set to 2345 (and no servers
    > use this as their ssh port!).


    Directives in an ssh_config file are associated with a "Host". You
    probably just need to make the config file look something like:

    Host *
    Port 33

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
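
Added example, not part of the thread and not OpenSSH code: a small Python model of how the ssh client picks Port from a config file, showing why a Port line scoped to a different Host block never takes effect. The function name `effective_port` and the sample files are constructed for illustration, and only the Host and Port keywords with `*` and `?` wildcards are modelled.

```python
import re

def _host_matches(pattern, host):
    # ssh_config Host patterns: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, host) is not None

def effective_port(config_text, host, default=22):
    """Return the port the client would use for `host` under this config text."""
    active = True  # lines before the first Host keyword apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept both "Keyword value" and "Keyword=value".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            # A Host line scopes everything up to the next Host line.
            active = any(_host_matches(p, host) for p in value.split())
        elif keyword == "port" and active:
            return int(value)  # the first obtained value wins
    return default

# Constructed sample files (not taken from the thread).
SCOPED_ELSEWHERE = """\
Host gateway
    Port 2345
"""
WILDCARD = """\
Host *
    Port 33
"""
SPECIFIC_FIRST = """\
Host system1
    Port 33
Host *
    Port 22
"""

if __name__ == "__main__":
    samples = [("scoped elsewhere", SCOPED_ELSEWHERE),
               ("wildcard", WILDCARD),
               ("specific first", SPECIFIC_FIRST)]
    for name, text in samples:
        print(f"{name}: system1 -> port {effective_port(text, 'system1')}")
```

On OpenSSH releases that have the `-G` option, `ssh -G -F <file> <host>` prints the client's resolved settings, including the port, without connecting.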

  3. Re: openssh : using Port statement in ssh_config

    dohhh!

    cheers darren!

    ian

