How to make SSH listen on multiple ports
Although it is a security risk, it is possible to make OpenSSH listen on multiple ports.
To do that, you need to edit the /etc/ssh/sshd_config file and enable the “GatewayPorts” option.
AllowTcpForwarding no
GatewayPorts yes
X11Forwarding no
#X11DisplayOffset 10
Look for the line that contains “Port 22”, uncomment it if necessary, and add additional Port lines to make OpenSSH listen on other ports, like this:
Port 22
Port 80
Port 1025
This example makes OpenSSH listen on ports 22, 80 and 1025 simultaneously. Don’t forget to restart the SSH service to apply the change by running:
sudo /etc/init.d/sshd restart
Warning: Running SSH on multiple ports may cause a security risk, you have been warned!
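A small check for the configuration above, added here as an example (it is not code from the original post): it lists the ports sshd would bind and flags GatewayPorts, which governs forwarded ports rather than Port lines. The function names and the sample file are constructed for illustration, and a Match line is treated as the end of the global section.

```shell
#!/bin/sh
# Added example: report what an sshd_config makes sshd listen on.

# Print every global Port value, one per line. Keywords are case-insensitive,
# Port may repeat, and sshd falls back to 22 when no Port line is present.
sshd_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "port"  { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Print the global GatewayPorts value (sshd uses the first one; default "no").
gateway_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }' "$1"
}

# Summarise the file; return 1 when GatewayPorts is anything other than "no".
audit_sshd_config() {
    cfg=$1
    gw=$(gateway_ports "$cfg")
    set -- $(sshd_ports "$cfg")        # one positional parameter per port
    echo "listening ports: $*"
    if [ "$#" -gt 1 ]; then
        echo "NOTE: $# ports open; each needs its own firewall rule and log review"
    fi
    if [ "$gw" != "no" ]; then
        echo "WARN: GatewayPorts=$gw lets remote-forwarded ports bind non-loopback addresses; Port lines do not need it"
        return 1
    fi
    return 0
}

# Constructed sample that mirrors the settings shown in the article.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
AllowTcpForwarding no
GatewayPorts yes
X11Forwarding no
#X11DisplayOffset 10
Port 22
Port 80
Port 1025
EOF
audit_sshd_config "$sample" || true
```

Before restarting the service, `sudo sshd -t` validates the edited file, so a typo does not leave sshd unable to start.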


January 5th, 2011 at 9:18 pm
I have this set up but I’ve never looked into the GatewayPorts option before, and my default Debian sshd_config file doesn’t mention GatewayPorts. Reading the man page about it doesn’t clarify much for me…
April 23rd, 2011 at 11:19 pm
The command to restart SSH is
$ sudo /etc/init.d/ssh restart
July 3rd, 2011 at 6:04 am
GatewayPorts is not necessary to allow sshd to listen on multiple ports. It affects the behavior of forwarded ports. With GatewayPorts=no (default), other clients can’t connect to forwarded ports, because sshd listens only on the loopback address. With GatewayPorts=yes, any client can connect to a forwarded port, because it listens on the wildcard address (often specified as ‘*’ or ‘0.0.0.0’). There’s also GatewayPorts=clientspecified, where the client can choose (default = wildcard).
Regardless, it doesn’t affect multiple ‘Port’ specifications.