RE: I thought ssh is port #22 ?!!

Unfortunately I have the "privilege" of maintaining a customer TCP
protocol which cans you if your source and destination ports aren't as
specified by their fcked up protocol!!

-----Original Message-----
From: Martinez, Michael [mailto:MMARTINEZ@xxxxxxxxxxxxxxx] 
Sent: Thursday, April 01, 2004 7:14 AM
To: cldavis@xxxxxxxxxxxxx; netfilter@xxxxxxxxxxxxxxxxxxx
Cc: Fajar Priyanto
Subject: RE: I thought ssh is port #22 ?!!


Port 32873 is the return port on the ssh client.

Here's how it works. The server listens on port 22. The client opens a
connection to the server, and tells the server which return port to use.
If you do "netstat -an" you will see the server talking on port 22, and
the client talking on some high numbered port like 32873. The high
number port used is random. It will change from one session to the next.

This is true not just for ssh - it is true for most tcp applications.

Michael Martinez
Unix System Administrator

-----Original Message-----
From: cldavis@xxxxxxxxxxxxx [mailto:cldavis@xxxxxxxxxxxxx] 
Sent: Wednesday, March 31, 2004 9:10 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Cc: Fajar Priyanto
Subject: Re: I thought ssh is port #22 ?!!

You should edit sshd_config with the port command and set it to 22.  If
the directive is not present, I've had some versions of ssh listen on
everything, others only 22.  

You may also want to use the PermitRootLogin no directive to disable
root logins and use a regular user account to log in and then su to root
if need be.

As far as the firewall, you may want to set up your firewall to drop all
packets except packets sent to needed services.

Hope that helps
Chris
> -----Original Message-----
> From: Fajar Priyanto [mailto:fajarpri@xxxxxxxxxx]
> Sent: Thursday, April 1, 2004 01:32 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: I thought ssh is port #22 ?!!
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi guys,
> I'm not really sure about this. I thought ssh is made in port #22? 
> When I made a ssh session into my server, /var/log/messages showed 
> this: Apr  1 09:20:20 server2 sshd[2711]: Accepted password for root 
> from 192.168.0.234 port 32873 ssh2
> 
> Why did it use port #32873?
> Is there something wrong with my ssh or firewall?
> TIA,
> - --
> Fajar Priyanto | Reg'd Linux User #327841 | http://linux.arinet.org
> 08:31:42 up 36 min, Mandrake Linux release 9.2 (FiveStar) for i586 
> public key: https://www.arinet.org/fajar-pub.key
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
> 
> iD8DBQFAa3EYkp5CsIXuxqURAluBAKCNiyg8+KXYDu/JuZghSVMXvfrjMgCdG7O2
> Bb4SQcbOiAqALl1o9yQ5H1k=
> =4uUZ
> -----END PGP SIGNATURE-----
> 
> 
> 
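
An added example, not part of the original thread: it parses the sshd log line quoted above to pull out the client's source port and flag a root password login, then opens one loopback TCP connection to show which port each side reports. The names `parse_accepted` and `loopback_ports` are made up for this illustration, and an OS-assigned listening port stands in for 22 because binding 22 needs root.

```python
import re
import socket

# Log line quoted in the thread (from /var/log/messages).
SAMPLE = ("Apr  1 09:20:20 server2 sshd[2711]: Accepted password for root "
          "from 192.168.0.234 port 32873 ssh2")

ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src_ip>\S+) port (?P<src_port>\d+)")

def parse_accepted(line):
    """Return the fields of an sshd 'Accepted' line, or None if it does not match."""
    m = ACCEPTED.search(line)
    if not m:
        return None
    rec = m.groupdict()
    # The logged port belongs to the client end of the connection, not the listener.
    rec["src_port"] = int(rec["src_port"])
    # Worth alerting on when PermitRootLogin is supposed to be "no".
    rec["root_password_login"] = (rec["user"] == "root"
                                  and rec["method"] == "password")
    return rec

def loopback_ports():
    """Open one TCP connection on loopback and report the ports each side sees."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # assumption: OS-chosen port stands in for 22
    srv.listen(1)
    listen_port = srv.getsockname()[1]
    cli = socket.create_connection(("127.0.0.1", listen_port))
    conn, peer = srv.accept()
    result = {
        "listen_port": listen_port,
        "server_side_local": conn.getsockname()[1],   # same as the listening port
        "peer_port_seen_by_server": peer[1],          # what sshd would log
        "client_local_port": cli.getsockname()[1],    # the client's ephemeral port
    }
    for s in (conn, cli, srv):
        s.close()
    return result

if __name__ == "__main__":
    print(parse_accepted(SAMPLE))
    print(loopback_ports())
```
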





