[Mageia-discuss] Setting up a port forward

Deri James deri at chuzzlewit.myzen.co.uk
Sat Sep 1 00:16:27 CEST 2012


On Friday 31 Aug 2012 22:42:26 Thomas Backlund wrote:
> Why not simply have sshd listen on 2 ports and skip the need for port
> forwarding?
> 
> 
> Just uncomment the "Port 22" line in /etc/ssh/sshd_config
> and add a second line with the second port
> 
> so it would look like
> 
> Port 22
> Port 5122
> 
> and restart sshd
> 
> with this all access that expects port 22 will continue to work,
> and you can also access it through the new 5122 port.
> 
> Simple and effective, and no port forwarding needed.
> 
> --
> Thomas

And add 5122/tcp to the "Advanced" tab in MCC -> Security -> Personal Firewall 
(if you are using a personal firewall).

If the server is accessible from the internet I would recommend some further 
changes to sshd_config. This is what I use (assuming this is a server for 
personal use, not with hundreds of users connecting):-

=================================================

LoginGraceTime 120
PermitRootLogin no

TCPKeepAlive yes

AllowUsers ->your user name here<-
MaxStartups 2:90:4

==================================================

The "MaxStartups" parameter deters the script kiddies trying to guess the 
password:-


MaxStartups
========

Specifies the maximum number of concurrent unauthenticated connections to the 
SSH daemon. Additional connections will be dropped until authentication 
succeeds or the LoginGraceTime expires for a connection. The default is 10.

Alternatively, random early drop can be enabled by specifying the three colon 
separated values “start:rate:full” (e.g. "10:30:60"). sshd(8) will refuse 
connection attempts with a probability of “rate/100” (30%) if there are 
currently “start” (10) unauthenticated connections. The probability increases 
linearly and all connection attempts are refused if the number of 
unauthenticated connections reaches “full” (60).

Cheers 

Deri
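
An added example, not part of the original post and not OpenSSH's own code: a Python sketch of the random early drop calculation as the quoted MaxStartups description states it, applied to the 2:90:4 value from the message and the 10:30:60 value from the description. The function names are hypothetical, and modelling the single-number form as start = full is an assumption.

```python
from typing import NamedTuple


class MaxStartups(NamedTuple):
    start: int
    rate: int   # refusal percentage once `start` is reached
    full: int


def parse_max_startups(value: str) -> MaxStartups:
    """Parse 'N' or 'start:rate:full' as described in the quoted text."""
    parts = value.strip().split(":")
    if len(parts) == 1:
        # Plain limit: modelled here as refusing everything at N (assumption).
        n = int(parts[0])
        spec = MaxStartups(n, 100, n)
    elif len(parts) == 3:
        spec = MaxStartups(*(int(p) for p in parts))
    else:
        raise ValueError(f"expected N or start:rate:full, got {value!r}")
    # Sanity checks: a usable value needs start <= full and rate in 1..100.
    if spec.start < 1 or spec.start > spec.full or not 1 <= spec.rate <= 100:
        raise ValueError(f"inconsistent MaxStartups value: {value!r}")
    return spec


def refusal_percent(spec: MaxStartups, unauthenticated: int) -> float:
    """Chance (0-100) that a new connection is refused at the given load."""
    if unauthenticated < spec.start:
        return 0.0
    if unauthenticated >= spec.full:
        return 100.0
    # Linear climb from `rate` at `start` to 100 at `full`.
    span = spec.full - spec.start
    return spec.rate + (100 - spec.rate) * (unauthenticated - spec.start) / span


def table(value: str) -> list[tuple[int, float]]:
    """Refusal percentage for every load from 0 up to `full`."""
    spec = parse_max_startups(value)
    return [(n, refusal_percent(spec, n)) for n in range(spec.full + 1)]


if __name__ == "__main__":
    for setting in ("2:90:4", "10:30:60"):
        print(f"MaxStartups {setting}")
        for n, pct in table(setting):
            if pct:
                print(f"  {n:2d} unauthenticated -> {pct:5.1f}% refused")
```
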


