Linux port Mapping

Evening talkers,

I think I bit off more than I can chew/swallow.

A friend brought a comp. installed with a heavily customized Red Hat OS. It was running a guest internet management system called Nebero UTM. This system is created and sold by a company in India.

He can’t talk to the nebero guys due to license and contract issues. That is where I come in.

He wants the physical machine virtualized. Normally that involves connecting through ssh with root access to the machine using a specialised software which creates a duplicate copy of the system.

My challenge is the ssh port was changed from port 22 to port 650 as per the listening ports.

Have traced where the changes were done without success. That is where you come in.

Not in iptables, not in squid configuration, not in tcpip wrappers.

Anyone who might have experienced something like this?

How did you solve it?

Wow!! Turns out I don't know computers at all. I always thought that when a comp comes with an OS, you download Windows 10, copy it to a DVD, then use it to format the comp. Turns out I know nothing.

2 Likes

Following

/etc/ssh/sshd_config

use vi to edit

As @kiki said. You can also check the conf file the sshd program is using by first checking how that service was started: ps aux | grep sshd

From the path of execution, you can dig through that folder for the config.

In most cases you should get it at /etc/

Alternatively, grep in the entire /etc folder for port 6625 as you say.

1 Like
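Added example, not part of any post in this thread: a shell version of the check suggested above, reading the sshd command line as ps shows it and the config file it names to see where the listening port comes from. The function names, the sample command line and the temporary config file are constructed for illustration; ListenAddress host:port and -o Port=N are not handled.

```shell
#!/bin/sh
# Added example, not from the thread. sshd rules relied on here:
#   -f FILE  load FILE instead of the default /etc/ssh/sshd_config
#   -p PORT  (repeatable) Port lines in the config file are then ignored
#   neither -p nor a Port line: sshd listens on 22
# Not handled (assumption): "ListenAddress host:port" and "-o Port=N".

# Print each value given for a single-letter flag: "-p 650" or "-p650".
sshd_flag() {
    flag="-$1"; shift
    while [ $# -gt 0 ]; do
        case "$1" in
            "$flag")   if [ $# -ge 2 ]; then printf '%s\n' "$2"; shift; fi ;;
            "$flag"?*) printf '%s\n' "${1#"$flag"}" ;;
        esac
        shift
    done
}

# Print the Port values in an sshd_config-style file. Keywords are
# case-insensitive; commented lines such as "#Port 22" are skipped.
config_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Arguments: the sshd command line from ps, one word per argument.
# Prints "<source>: <port>" for each port that sshd would bind.
sshd_ports() {
    shift                                  # drop the sshd binary path
    cfg=$(sshd_flag f "$@" | tail -n 1)    # if -f is repeated, use the last
    [ -n "$cfg" ] || cfg=/etc/ssh/sshd_config
    cli=$(sshd_flag p "$@")
    if [ -n "$cli" ]; then
        for p in $cli; do echo "command line -p: $p"; done
    elif [ -r "$cfg" ] && [ -n "$(config_ports "$cfg")" ]; then
        for p in $(config_ports "$cfg"); do echo "$cfg: $p"; done
    else
        echo "built-in default: 22"
    fi
}

# Constructed sample: the config file says 22, but the daemon was started
# with -p 650, so the file never mentions the port that is really in use.
sample=$(mktemp)
printf '#Port 2222\nPort 22\nProtocol 2\n' > "$sample"
sshd_ports /usr/sbin/sshd -f "$sample" -p 650
sshd_ports /usr/sbin/sshd -D -f "$sample"
rm -f "$sample"
```

On a live machine, pass the words of the sshd line from ps aux as the arguments to sshd_ports.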

Check in etc, guess you’ll find the config file there… ssh daemon runs your ssh client so probably it's the sshd config… also if the installation is legit you’ll have to provide an activation key for you to edit and save the file

This is Linux stuff, go sit over there >>>> with your friends :D

Here the port is set to the default 22.

From processes, ps -aux shows ssh is running (I log in to the computer through ssh). Even from netstat, ssh is listening on port 650.
Have checked the ssh config file. Have checked the .ssh/config file in home folder; I can’t see such.

In three hours I will share the active processes, ssh config and netstat results.

How do I grep a whole folder?

grep -nr '650'

also try and do the following:
locate ssh.conf

Are you connected directly or behind a router?

Directly. The comp had two physical ports. In the config they added an additional virtual port.
So it has public IP, DMZ, private IP.

grep -r 650 'folder name'

Alternatively you can grep what service is running on port 22. I think 650 is a virtual port that has been bound (forwarded) to port 22

try >> netstat -tulnp | grep 22
you need to be root to run the command

Here is the ssh config

nebero:~# cat /etc/ssh/ssh_config

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
ForwardAgent no
ForwardX11 no
ForwardX11Trusted yes
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
HostbasedAuthentication no
GSSAPIAuthentication no
GSSAPIDelegateCredentials no
GSSAPIKeyExchange no
GSSAPITrustDNS no
BatchMode no
CheckHostIP yes
AddressFamily any
ConnectTimeout 0
StrictHostKeyChecking ask
IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
Port 22
Protocol 2,1
Cipher 3des
Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
EscapeChar ~
Tunnel no
TunnelDevice any:any
PermitLocalCommand no
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no

how many user accounts does that machine have?

two, root and the system web management account

Root