Packages

ID #1109

What do I have to do to make OpenSSH open for the internet?

By default (like all good packages) the OpenSSH server is closed to the internet side of your FREESCO box. This is done by adding a firewall rule on the port of the OpenSSH server (default port 22).

To remove this firewall rule, you'll have to edit the rc_opensshd script and comment out the firewall line.



For FREESCO 0.3.x:

  1. Log in as root via telnet/console/SSH and type the following command:
  2. edit /pkg/rc/rc_opensshd
  3. Locate the following code (you may have to scroll down a bit):

        firewall)
            # comment out the firewall rule (add a # in front of ipfwadm)
            # to make OpenSSH accessible via the internet
            ipfwadm -I -a deny -P tcp -W $INET -D 0.0.0.0/0 $PORT -y -o
            ;;

  4. Change it into this:

        firewall)
            # comment out the firewall rule (add a # in front of ipfwadm)
            # to make OpenSSH accessible via the internet
            # ipfwadm -I -a deny -P tcp -W $INET -D 0.0.0.0/0 $PORT -y -o
            ;;

  5. Save the changed file.
  6. Type the command: rc_masq restart
  7. The firewall is now reloaded and OpenSSH should be accessible over the internet.


For FREESCO 0.2.7:

  1. Log in as root via telnet/console/SSH and type the following command:
  2. edit /rc/rcuser/rc_opensshd
  3. Locate the following code (you may have to scroll down a bit):

        if [ "$1" = firewall ]; then
            #comment out the next lines to make sshd worldwide accessible
            echo -n "Block opensshd connection from inet...I"
            [ "$ENAMSQ" = y ] && ipfwadm -I -a reject -P tcp -W $INET -D 0.0.0.0/0 $PORT -y

  4. Edit the script so it looks like this:

        if [ "$1" = firewall ]; then
            #comment out the next lines to make sshd worldwide accessible
            #echo -n "Block opensshd connection from inet...I"
            #[ "$ENAMSQ" = y ] && ipfwadm -I -a reject -P tcp -W $INET -D 0.0.0.0/0 $PORT -y

  5. Save the changed file.
  6. Type the command: rc_masq restart
  7. The firewall is now reloaded and OpenSSH should be accessible over the internet.



Tip:
If you use the 'joe' editor, make sure to delete the backup copy rc_opensshd~, because that file is also executable and will be executed by the rc_masq script, so port 22 will still be blocked!
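
A check for the tip above, as an added example that is not part of the FREESCO package or of this FAQ entry: it lists executable `~` backup copies in the rc directory and confirms that the deny/reject rule in rc_opensshd is commented out. The function names and the sample files are constructed for illustration, and a shell with mktemp and grep -E is assumed; on a real box, point check_rc_dir at /pkg/rc (0.3.x) or /rc/rcuser (0.2.7).

```shell
#!/bin/sh
# Added example, not FREESCO code. Function names are hypothetical; sample files are constructed.

# List executable editor backup copies (name ends in "~") in rc directory $1.
stale_backups() {
    for f in "$1"/*~; do
        if [ -f "$f" ] && [ -x "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Print ipfwadm deny/reject lines in script $1 that are not commented out.
active_block_rules() {
    grep -v '^[[:space:]]*#' "$1" | grep -E 'ipfwadm .*-a (deny|reject)' || true
}

# Return 0 only if script $2 in rc directory $1 has no active block rule
# and no executable backup copy is left for rc_masq to run.
check_rc_dir() {
    rc=0
    if [ -n "$(active_block_rules "$1/$2")" ]; then
        echo "active block rule in $1/$2"
        rc=1
    fi
    backups=$(stale_backups "$1")
    if [ -n "$backups" ]; then
        echo "executable backup copies, delete them:"
        echo "$backups"
        rc=1
    fi
    return $rc
}

# Write a constructed sample: the edited script plus the pre-edit backup joe leaves behind.
make_sample() {
    cat > "$1/rc_opensshd" <<'EOF'
firewall)
# ipfwadm -I -a deny -P tcp -W $INET -D 0.0.0.0/0 $PORT -y -o
;;
EOF
    sed 's/^# ipfwadm/ipfwadm/' "$1/rc_opensshd" > "$1/rc_opensshd~"
    chmod +x "$1/rc_opensshd" "$1/rc_opensshd~"
}

# Demo on the constructed sample (a temporary directory, not a real FREESCO box).
demo=$(mktemp -d)
make_sample "$demo"
check_rc_dir "$demo" rc_opensshd || echo "=> port 22 would still be blocked"
rm -rf "$demo"
```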

Last update: 2004-11-27 17:48
Author: Dingetje
Revision: 1.0
