>> 1) is it possible to enable ssh access on WAN?
>>If yes, how?
>
>>It is enabled on all IPs ... just create a rule on
>>the WAN to allow it.
>
>> 2) is it possible to change port number on WAN
>>side to keep out automated ip-scanner?
>
>>Setup is in the "System > Advanced Functions ...
>>there you can enable it on a non-standard port
>>(BTW this is a global setting).

On an added note ... if you "really" need sshd to
listen on specific interfaces you can manually
edit /etc/ssh/sshd_config and add a ListenAddress
directive, then restart sshd.

Here's how:

INITIAL SETUP:
Set up your ssh in the [System: Advanced functions]
page w/ your custom port.  I like to use 212 {IEEE -
"ATEXSSTR" port}, but you can choose "MOST" any TCP
port; another good candidate is TCP 2120 {IEEE -
"Quick Eagle Networks CP" port}

ENSURE THAT SSHD IS RUNNING AND LISTENING:
netstat -an | grep -v grep | grep 212
tcp4       0      0  *.212      *.*     LISTEN

THEN EDIT THE SSHD CONFIG & ADD THE
"ListenAddress" LINE(S):
vi /etc/ssh/sshd_config

~
#
# LAN ADDRESS
ListenAddress 192.168.0.100
# WLAN ADDRESS
ListenAddress 10.10.10.100  
#
~

SAVE THE FILE AND FIND THE PID FOR SSHD:
!! NOTE !!
DO NOT use "pkill -HUP sshd" or you WILL knock
yourself off the box. 


ps -xu | grep -v grep | grep sshd

root 64984  0.0  0.2  3064  2580  ??  Is    9:21AM  0:00.01 /usr/sbin/sshd
root 65028  0.0  0.3  5744  2752  ??  Ss    9:21AM  0:00.27 sshd: [EMAIL PROTECTED] (sshd)

kill -HUP 64984

NOW CHECK TO SEE IF THE NEW LISTENERS HAVE TAKEN:
netstat -an | grep -v grep | grep 212

tcp4   0   0  192.168.0.100.212     *.*    LISTEN
tcp4   0   0  10.10.10.100.212      *.*    LISTEN

ADDITIONAL NOTES:
-> "Rules" serve as the starting point for
"allowing" service interaction.
-> If ssh is enabled on the WAN (NOT AT ALL
recommended !!!) use keys.

--
David L. Strout
Engineering Systems Plus, LLC
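
Added example, not part of the original message: a shell check for the verification steps above, confirming that no wildcard listener is left on the ssh port and that every ListenAddress is actually bound. It matches the port exactly, since "grep 212" also matches port 2120. The function names and sample input are constructed for illustration, and ListenAddress is assumed to be in the address-only form used in the post.

```sh
#!/bin/sh
# Added example: audit which addresses sshd listens on (BSD netstat format).

# Print ListenAddress values from sshd_config text on stdin.
# Keywords are case-insensitive; commented-out lines are skipped.
listen_addresses() {
    awk 'tolower($1) == "listenaddress" { print $2 }'
}

# Print the local address of each LISTEN socket on port $1, reading
# `netstat -an` output on stdin. The port is compared as the last
# dot-separated field, so 212 does not also match 2120.
listeners_on_port() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            n = split($4, parts, "[.]")
            if (parts[n] == port) print $4
        }'
}

# Return 0 only if no wildcard listener remains on the port and every
# configured ListenAddress has a matching listener.
verify_binding() {  # $1=port  $2=sshd_config text  $3=netstat -an text
    status=0
    live=$(printf '%s\n' "$3" | listeners_on_port "$1")
    if printf '%s\n' "$live" | grep -q '^\*\.'; then
        echo "wildcard listener still present on port $1"; status=1
    fi
    for addr in $(printf '%s\n' "$2" | listen_addresses); do
        printf '%s\n' "$live" | grep -qxF "$addr.$1" ||
            { echo "not listening: $addr.$1"; status=1; }
    done
    return $status
}

# Constructed sample input, using the addresses and port from the post.
CONFIG='# LAN ADDRESS
ListenAddress 192.168.0.100
# WLAN ADDRESS
ListenAddress 10.10.10.100'
BEFORE='tcp4  0  0  *.212              *.*  LISTEN
tcp4  0  0  *.2120             *.*  LISTEN'
AFTER='tcp4  0  0  192.168.0.100.212  *.*  LISTEN
tcp4  0  0  10.10.10.100.212   *.*  LISTEN'

verify_binding 212 "$CONFIG" "$BEFORE" || echo "=> sshd not yet restricted"
verify_binding 212 "$CONFIG" "$AFTER"  && echo "=> bound only to listed addresses"
```

On the box itself, pass "$(cat /etc/ssh/sshd_config)" and "$(netstat -an)" in place of the sample variables.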
