problem w. sshd on remote port 80

Discussion started by jan.n, Jun 8, 2013.

  jan.n

    Hi all,

    with Tomato 1.25 on my WRT-54GL, I had set the remote ssh port to 80. From inside my network, I'd access my router via ssh on port 22, from the outside via port 80 (because it's not blocked from various places).

    With Shibby 1.28 (109) the behavior seems to have changed. When I set sshd_rport=80, I can no longer reach the web interface from the inside because of timeouts.

    Is this a regression or did I just misconfigure something?
  jan.n

    I'll keep it on port 22, not that it matters anyway. I disabled password login and use keys instead; that should be pretty secure.
  koitsu

    The problem is caused by the fact that httpd is also bound to TCP port 80 -- you cannot have two daemons (sshd and httpd) both bound to the same TCP port number. How this worked in 1.25 is beyond me -- it should never, ever have worked. I say this with admittance that I have not looked at how NVRAM variable sshd_rport is used.

    That said: you can accomplish what you need using iptables. I think you've probably already figured this out by now though. If you haven't, please let us know; there's a thread about this sort of thing already on the forum where I spent a lot of time discussing + working out what the proper rules were, and can try to find it if needed / rather than re-doing the entire RE work again.
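
One way to do the iptables redirect mentioned above, as an added example that is not part of the thread and not the rules from the forum thread koitsu refers to. It leaves sshd on TCP 22 and httpd on TCP 80 and only rewrites port 80 for packets arriving on the WAN side; the interface name `vlan1`, the sshd port and the function names are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that expose sshd on an
# external port without rebinding sshd, so httpd keeps TCP 80 for the LAN.
# Assumptions (not from the thread): WAN interface name, sshd on TCP 22.

is_port() {
    # Accept only decimal integers in 1..65535.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

wan_ssh_redirect_rules() {
    wan_if=$1 ext_port=$2 ssh_port=$3
    # Interface names: letters, digits, dot, underscore, dash only, so the
    # printed commands cannot carry extra shell syntax.
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;;
    esac
    is_port "$ext_port" || { echo "bad external port" >&2; return 2; }
    is_port "$ssh_port" || { echo "bad ssh port" >&2; return 2; }

    # nat/PREROUTING: rewrite the destination port only for packets that
    # arrive on the WAN interface; LAN clients still reach httpd on 80.
    echo "iptables -t nat -I PREROUTING -i $wan_if -p tcp --dport $ext_port -j REDIRECT --to-ports $ssh_port"
    # filter/INPUT runs after the rewrite, so it must accept the sshd port.
    # Caveat: this also accepts direct WAN connections to $ssh_port.
    echo "iptables -I INPUT -i $wan_if -p tcp --dport $ssh_port -j ACCEPT"
}

# Dry run with constructed values: review the output before running it
# on the router.
wan_ssh_redirect_rules vlan1 80 22
```

Because the rules are inserted with `-I`, they sit ahead of the firmware's own chain entries; they are not persistent and would need to be reapplied after a reboot or firewall restart.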
