ssh on port 21?

Rick Stevens rstevens at vitalstream.com
Wed Feb 25 19:28:32 UTC 2004 

Rick Bilonick wrote:
> Rick Stevens wrote:
> 
>> rab wrote:
>>
>>> I can telnet out through the firewall at work but I can't get them to 
>>> allow me to ssh out to my home pc. Can I open a hole in my router 
>>> firewall and allow incoming ssh on both ports 21 and 22? (I'm able to 
>>> ssh into my pc using dial up but not through the company lan.)
>>
>>
>>
>> How utterly silly.  Why not ask your IT department to permit SSH access?
>> What are they afraid of?  FTP is far more likely to be hacked than SSH.
>> Remind them that passwords and such go out over FTP in plaintext
>> (unencrypted).  SSH certainly can't hurt them.
>>
>> You can set up ssh to listen on any port you want, but you'll need to
>> connect via "ssh -p 21" AND the daemon on your machine at home needs to
>> listen on port 21, either via "sshd -p 21" or in the
>> /etc/ssh/sshd_config file's "Port" directive.
> 
> 
> Silly is not the word. "Stupid" and "idiots" are the words that come to 
> mind. I have asked the it dept. several times to make it possible. If I 
> explain TOO MUCH about how insecure telnet/ftp is, they would take it 
> all away.

Now that's really dumb.  Who are these twits?  Do they have any
background in network operations at all or are they simply jerks that
know what a CAT-5 cable is?  Sheesh!

> Thanks for your explanation on how to do it. I wasn't sure if the port 
> numbers had to be the same on both the local and remote systems. I had 
> tried the L switch for ssh but that does not appear to be correct. I 
> will also have to open a whole in the router's firewall for port 21.

Yes, the ports must match.  If you have the daemon listening on port N,
you must tell the client to use port N, also.  Otherwise the client will
try port 22 and since there's nothing listening on port 22, nothing will
happen.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-      Always remember you're unique, just like everyone else.       -
----------------------------------------------------------------------

More information about the Redhat-install-list mailing list