<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Alan Pope wrote:
<blockquote cite="mid:20080112142353.GK10384@popey.com" type="cite">
<pre wrap="">On Sat, Jan 12, 2008 at 12:56:30PM +0000, Stephen Garton wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi Al,
On 12/01/2008, Alan Pope <a class="moz-txt-link-rfc2396E" href="mailto:alan@popey.com"><alan@popey.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On Sat, Jan 12, 2008 at 09:13:56AM +0000, Stephen Garton wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On a box at home, I have ssh running on a non-specific high numbered
port. Is it possible to also have it (ssh) listen on port 22, but
limit it to computers on the local network?
</pre>
</blockquote>
<pre wrap="">Why also have it on 22? Why not just edit ~/.ssh/config and add a line like
this:-
Host box
Port 2222
(or whatever the hostname and port number is)
</pre>
</blockquote>
<pre wrap="">I do/did. When I had (continuing your example) Port 2222 on it's own
in /etc/ssh/sshd_config (please let me know if this is not the one I
should be using, as it is the one I have stored in my notes that are a
year or two old on how to use ssh!) Tomboy reported it couldn't
contact the host.
</pre>
</blockquote>
<pre wrap=""><!---->
I am talking about the client not the server. Put that line in ~/.ssh/config
on the _client_ and that tells it what port the server uses.
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">The reason for asking is that I'd like to do things like synchronise
my tomboy notes over ssh, but there is nowhere in tomboy (that I can
find) to configure the port for the add-in.
</pre>
</blockquote>
<pre wrap="">I do the above for exactly this reason.
</pre>
</blockquote>
<pre wrap="">Sorry, I think I'm lost. Will tomboy sync over ssh when a non-standard
port is used?
</pre>
</blockquote>
<pre wrap=""><!---->
Yes. On my server I have /etc/ssh/sshd_config set to 2222, on my client I
have ~/.ssh/config set to tell my client what port the server is on. Job
done. It works.
Cheers,
Al.
</pre>
</blockquote>
<br>
I don't bother changing the server port for sshd, it's security through
obscurity. The crackers who only look for your server on port 22 are
more of a nuisance than anything else, there's no way they'll get in
unless you have a seriously crap password. If someone puts more effort
into it they'll find your server no matter what port it's on, and it's
them you'll have to worry about. You could also just disable password
authentication and set yourself up key-based access to your boxes.<br>
<br>
I also use FreeNX for remote access to Gnome desktops which doesn't yet
work properly when you use a different port and block password
authentication. So I just use Denyhosts to block clients that fail
authentication, 1 try for the root account and 3 tries for any other
account. They get blocked almost instantly using /etc/hosts.deny and I
get emailed with their IP and hostname.<br>
<br>
Regards,<br>
Tom<br>
<br>
</body>
</html>