>> 1) is it possible to enable ssh access on WAN?
>>If yes, how?
>
>>It is enabled on all IPs ... just create a rule on
>>the WAN to allow it.
>
>> 2) is it possible to change port number on WAN
>>side to keep out automated ip-scanner?
>
>>Setup is in the "System > Advanced Functions ...
>>there you can enable it on a non-standard port
>>(BTW this is a global setting).
On an added note ... if you "really" need sshd to
listen on specific interfaces you can manually
edit /etc/ssh/sshd_config and add a ListenAddress
directive, then restart sshd.
Here's how:
INITIAL SETUP:
Set up your ssh in the [System: Advanced functions]
page w/ your custom port. I like to use 212 {IEEE - "ATEXSSTR" port},
but you can choose "MOST" any TCP port, another good candidate is
TCP 2120 {IEEE - "Quick Eagle Networks CP" port}
ENSURE THAT SSHD IS RUNNING AND LISTENING:
netstat -an | grep -v grep | grep 212
tcp4 0 0 *.212 *.* LISTEN
THEN EDIT THE SSHD CONFIG & ADD THE "ListenAddress" LINE(S):
vi /etc/ssh/sshd_config
~
#
# LAN ADDRESS
ListenAddress 192.168.0.100
# WLAN ADDRESS
ListenAddress 10.10.10.100
#
~
SAVE THE FILE AND FIND THE PID FOR SSHD:
!! NOTE !!
DO NOT use "pkill -HUP sshd" or you WILL knock yourself off the box.
ps -xu | grep -v grep | grep sshd
root 64984 0.0 0.2 3064 2580 ?? Is 9:21AM 0:00.01 /usr/sbin/sshd
root 65028 0.0 0.3 5744 2752 ?? Ss 9:21AM 0:00.27 sshd: [EMAIL PROTECTED] (sshd)
kill -HUP 64984
NOW CHECK TO SEE IF THE NEW LISTENERS HAVE TAKEN:
netstat -an | grep -v grep | grep 212
tcp4 0 0 192.168.0.100.212 *.* LISTEN
tcp4 0 0 10.10.10.100.212 *.* LISTEN
ADDITIONAL NOTES:
-> "Rules" serve as the starting point for "allowing" service interaction.
-> If ssh is enabled on the WAN (NOT AT ALL recommended !!!) use keys.
--
David L. Strout
Engineering Systems Plus, LLC
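
Added example (not part of the original message): a shell check that compares the ListenAddress lines in sshd_config with the listeners netstat reports, matching the port exactly so that 212 is not confused with 2120. The function names and sample data are constructed here from the addresses and port used in the message; ListenAddress entries that carry a port suffix are not handled.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed
# from the addresses and port used in the message above.
SAMPLE_CONFIG='# LAN ADDRESS
ListenAddress 192.168.0.100
# WLAN ADDRESS
ListenAddress 10.10.10.100'
NETSTAT_BEFORE='tcp4 0 0 *.212 *.* LISTEN'
NETSTAT_AFTER='tcp4 0 0 192.168.0.100.212 *.* LISTEN
tcp4 0 0 10.10.10.100.212 *.* LISTEN
tcp4 0 0 *.2120 *.* LISTEN'

# Print each ListenAddress value from sshd_config text on stdin.
configured_addrs() {
    awk 'tolower($1) == "listenaddress" { print $2 }'
}

# Print local addresses in LISTEN state on port $1, reading BSD-style
# "netstat -an" text on stdin (field 4 is "address.port").
listening_addrs() {
    awk -v port="$1" '$NF == "LISTEN" {
        n = split($4, p, "[.]")
        if (p[n] != port) next      # exact match: 2120 is not 212
        addr = p[1]
        for (i = 2; i < n; i++) addr = addr "." p[i]
        print addr
    }'
}

# $1 = sshd_config text, $2 = netstat text, $3 = port.
# Returns 0 only if every listener on the port is a configured address,
# so a leftover wildcard bind ("*") is reported.
check_listeners() {
    want=$(printf '%s\n' "$1" | configured_addrs)
    bad=$(printf '%s\n' "$2" | listening_addrs "$3" | grep -Fvx -e "$want" || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed "s/^/port $3 listener not in ListenAddress: /"
        return 1
    fi
    return 0
}

check_listeners "$SAMPLE_CONFIG" "$NETSTAT_BEFORE" 212 || echo "before reload: FAIL"
check_listeners "$SAMPLE_CONFIG" "$NETSTAT_AFTER" 212 && echo "after reload: OK"
```

On a live box, pass the contents of /etc/ssh/sshd_config and the output of "netstat -an" as the first two arguments in place of the sample variables.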