Sign in to follow this  
nuhll

How to change SSH Port?

Recommended Posts

fixed.

 

VM -> extras -> quemos keyboard layout -> vnc connection to my new debian -> edit their SSHD , change port, finish.

 

And its very very very bad that unraid dont have an option to change the ssh port, this is also a new security flaw.

Share this post


Link to post
Share on other sites
1 minute ago, nuhll said:

fixed.

 

VM -> extras -> quemos keyboard layout -> vnc connection to my new debian -> edit their SSHD , change port, finish.

 

And its very very very bad that unraid dont have an option to change the ssh port, this is also a new security flaw.

Are you saying that changing the HTTPS port via Settings-.Identification is not working for you?   If so I would suggest that you need to post your system diagnostics after a reboot to see if the reason it does not work for you can be determined.

Share this post


Link to post
Share on other sites

Why do you want to change SSH port and of what entity unRAID itself or VM?

Edited by bonienl

Share this post


Link to post
Share on other sites

I wanted to change SSH port of unraids SSHD server.

 

Because i installed Debian as VM and coulnt SSH to it (same port).

 

I couldnt change it from VNC because i couldnt use my keyboard layout, but i found the fix in extra settings (keyboard layout) so i could change the SSHD port in the debian VM.

 

Still no reason why i cant change a standard port. All world is searching for this standard ports to hack.

Share this post


Link to post
Share on other sites

Changing the SSH port to something else and then exposing it to the outside world is a fake security protection.

 

In general there is no need to expose the unRAID server itself to the Internet, but if needed a VPN approach is recommended.

 

Share this post


Link to post
Share on other sites

Its saver, thats what count. All these bots are scanning 24/7 on port 22. 

 

Why we even talk? I buy a software i should be able to change their ports. WTF. Oo

Edited by nuhll

Share this post


Link to post
Share on other sites
19 minutes ago, nuhll said:

SSH =! https  (SSH doenst mean https)

 

Good point - I am obviously not wide awake to miss that!

 

15 hours ago, nuhll said:

I edited it in /etc/ssh/ssh_config , but this didnt take effect

 

Have you tried putting a copy of the ssh_config file into the /boot/config/ssh folder?   All files from there seem to be copied to /etc/ssh as part of the boot process so that might have the desired effect.   The /etc/ssh location you mentioned is only in RAM so would be lost on a reboot.

 

Having said that if a good case can be made for GUI support to be able to easily configure the port then the obvious place to add such an option would be to the Settings->Identification page.   I personally always use a VPN connection to access the unRAID server remotely to avoid exposing the standard ports to the internet.

Share this post


Link to post
Share on other sites

Thats a good idea, i will try that when i find the ssh port a problem again.

 

I dont expose anything to the internet. But like i said, i fixed it by finding out how to chance VNC keyboard layout... and just changing the port of the VM. Thx guys.

Edited by nuhll

Share this post


Link to post
Share on other sites
11 minutes ago, nuhll said:

Its saver, thats what count. All these bots are scanning 24/7 on port 22. 

 

Well the safest is to NOT expose any port to the Internet, as I said there is no need to open up the SSH port to the outside world.

 

12 minutes ago, nuhll said:

Why we even talk? I buy a software i should be able to change their ports. WTF. Oo

 

We talk so I can understand your use case. It is possible to make a feature request and give valid arguments why it is needed and it may be considered.

 

There is no need to claim what you claim.

Share this post


Link to post
Share on other sites

Omg. Even if its not exposed its a security risk. Lets say you have a network and one computer gets infected (driveby) this pc is scanning the network for 22.

 

Youre a developer, i dont understand why i need to explain why i should be able to change the prot.

 

Why we are able to change http and https port?????

 

Also i guess there are many ppl which explose the unraid machine to the internet.


Also, VPN is not 100% secure, like all software: https://www.google.de/search?safe=off&ei=5SUtWpaJGIvlUaXOlZgJ&q=vpn+exploits&oq=vpn+exploits&gs_l=psy-ab.3..0i203k1.5807.6825.0.7009.8.8.0.0.0.0.146.816.1j6.7.0....0...1c.1.64.psy-ab..1.7.814...0j0i131i67k1j0i67k1j0i22i30k1j0i22i10i30k1.0.raWV4HG8uZI

 

There must be an option to: disable SSH and change the port. Also (maybe already there) an option which user can acccess ssh.

Edited by nuhll

Share this post


Link to post
Share on other sites
9 hours ago, nuhll said:

There must be an option to: disable SSH and change the port

 

Disabling SSH would only leave HTTP/HTTPS to manage the server, theoretically possible, but practically not doable.

 

If you want to change the SSH port because it conflicts with a VM, then your VM isn't set up right. VMs which use a bridge (br0) interface will have a different IP address, either statically or dynamically assigned. Running a SSH server on this different IP address is no problem next to the unRAID SSH server.

 

Yes, I am developer and I know pretty well what is needed, thank you.

  • Like 3

Share this post


Link to post
Share on other sites
Just now, nuhll said:

Are you a unraid developer?

 

Yes he is......

Share this post


Link to post
Share on other sites

omg. So yea. typical "im a developer i know what ppl need/want".

 

Its okay, thanks for your time... :)

Share this post


Link to post
Share on other sites

Actually, @bonienl is one of the friendliest, most helpful guys on here, and I suspect, he, and many others are reading your posts and wondering what the hell is going on.  You have created multiple threads on several topics and have a tendency to be rather rude when people try and correct/educate you.

 

As per normal it's those that contribute the least, that complain the most. 

 

You seem to know how to do everything better than the existing ways, so make a plugin/docker container to improve things for everyone, instead of complaining about the people who are actually doing work in their free time to make Unraid better.

  • Like 2
  • Upvote 2

Share this post


Link to post
Share on other sites
10 hours ago, nuhll said:

I wanted to change SSH port of unraids SSHD server.

 

Because i installed Debian as VM and coulnt SSH to it (same port).

 

I couldnt change it from VNC because i couldnt use my keyboard layout, but i found the fix in extra settings (keyboard layout) so i could change the SSHD port in the debian VM.

 

Still no reason why i cant change a standard port. All world is searching for this standard ports to hack.

 

 

there are unraid architectural issues here larger than the ssh port number that you should be worried about. unraid is *not* suitable in any shape or form to be exposed to the internet and this has been said many, many times before. i hope to christ you have a firewall infront of your unraid server. oh? you do? well then, friend, please tell me how all the world is searching inside your LAN for port 22? 

 

unraid is running as a read only operating system in memory... a simple concept that someone who knows how to do everything better than everyone else, such as yourself, should find simple to grasp. no systemd here, friend. it is actually quite a secure way to run the OS. however, not being able to patch it without waiting for LT to provide a new update should concern you more...

Edited by ironicbadger
  • Like 1

Share this post


Link to post
Share on other sites
8 minutes ago, ironicbadger said:

 

 

there are unraid architectural issues here larger than the ssh port number that you should be worried about. 

 

 

Maybe, i dont know.

 

I never said, and im not goin to do, nor do i have atm unraid exposed to the internet, actually i have even 2 routers infront of my network... xD

 

Quote

 


oh? you do? well then, friend, please tell me how all the world is searching inside your LAN for port 22? 
 

 

If you flame me, then atleast read my post, i never said all the world is scanning INSIDE your network for port 22. I said if one of the computers inside ur network is infectet, he will (or could) search your homenetwork for port 22. And im pretty sure that some ppl have unraid unprotectet to the internet, if they dont have any exp with network stuff and just want to access the shares.

 

You could enable SSH if you need it via HTTP, also maybe some ppl want to disable HTTP and only access it via SSH. Whats the problem? (maybe just make it so you cant deactivate all of it).

 

Quote

 


Actually, @bonienl is one of the friendliest, most helpful guys on here, and I suspect, he, and many others are reading your posts and wondering what the hell is going on.  You have created multiple threads on several topics and have a tendency to be rather rude when people try and correct/educate you.
 

 

Im not here to flame anyone or to be rude. But when im feeling attacked, i might get unfriendly. Ofc, english is not my mother tongue so, bare with me.

 

Quote

 


As per normal it's those that contribute the least, that complain the most. 
 

 

And you wonder? Most of my suggestions were thrown appart without any (good) reason, so why contribute? And, since its their work, they dont offer and or dont want to add, they could simply say, no. Instead of making fun of me.

 

Its state of the art for many different OSs/software that you can disable and or edit ports, programms which are running in the background. So thers nothing crazy about asking for it.

 

 

 

Edited by nuhll

Share this post


Link to post
Share on other sites
10 minutes ago, nuhll said:

Most of my suggestions were thrown appart without any (good) reason, so why contribute? And, since its their work, they dont offer and or dont want to add, they could simply say, no

 

Man, did you read my answers?

It is clear you are an unRAID novice (Anfänger), and first thing people try to do is to help you to go in the "unRAID" direction. Yes some things may not be obvious or work a bit different then expected, this is all part of the learning process.

You have created docker containers and VMs,  but their set up isn't fully right. With the suggested modifications you can get everything working without the need to change SSH or disable DNS.

Get it working first. And any good ideas can always be made as a feature request.

 

Share this post


Link to post
Share on other sites

Yes, you are right, i didnt understand br and host difference. I tried br before, but set the ip to the unraid server... xD

 

So i got it working without any change, i didnt said u were wrong. 

 

Still i would like to disable all i dont need. 

 

I hope you add that feature at some time (i dont know if that dns is needed)

 

Thanks for your help.

Edited by nuhll

Share this post


Link to post
Share on other sites

FYI, most people port scanning don't just target 22. Modern port scanners scan all available ports on a network looking to see what's responding to a basic connection attempt. Changing which port you are using doesn't really do much in terms of enhancing security any more than moving the location of a door to your house. It's the deadbolt inside the door that protects you, not the location of the door itself. 

Share this post


Link to post
Share on other sites

Whats the nr 1 threat today? Its not manual hacking, its the automated things and these scan 1. on standard known ports.

Edited by nuhll

Share this post


Link to post
Share on other sites
5 minutes ago, nuhll said:

Whats the nr 1 threat today? Its not manual hacking, its the automated things and these scan 1. on standard known ports.

Because they are automated, it is very simple for them to scan on non-standard ports also.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  


Copyright © 2005-2017 Lime Technology, Inc. unRAID® is a registered trademark of Lime Technology, Inc.