[BlueOnyx:01766] Re: The setting returns to an initial value when the server is rebooted.

Chuck Tetlow chuck at tetlow.net
Sat Jul 18 02:18:37 PET 2009


No, but I have to admit that I never change it for long.  I block all inbound port 22 and 23 connections with my front-door router.  So occasionally, when I want to let someone in - I change the server's SSH daemon to a different port, let them in, and change it back.  It probably wasn't changed long enough for the watchdog cced.init to change it back.

Tell you what - after you modify the file, use this from the command line while in the /etc/ssh directory "chattr +i sshd_config".  That absolutely locks the file.  The technical term is 'setting the immutable bit'.  Now, not even root can change the file.  Verify the bit is set with the command "lsattr" while in that directory.  You'll see the extended attributes listed - and your sshd_config file should have a lowercase "i" in front of it.  To turn it off and make the file changeable again - use "chattr -i sshd_config".

So, set your file with the port you want to use and then lock the file.  That's how I keep the watchdog from changing my custom IPTables configuration!  Works every time!

Chuck

---------- Original Message -----------
From: Hideki Oride <hideki.oride at gmail.com> 
To: BlueOnyx General Mailing List <blueonyx at blueonyx.it> 
Sent: Sat, 18 Jul 2009 16:00:31 +0900 
Subject: [BlueOnyx:01765] Re: The setting returns to an initial value when the server is rebooted.

> Thanx, Chuck. 
> 
> It knows this method. 
> 
> I want to say.. 
> The setting returns to an initial value when I restarted this server. 
> 
> Are you not happening on your server? 
> 
> 2009/7/18 Chuck Tetlow <chuck at tetlow.net>: 
> > Hideki, 
> > 
> > At the command-line, go to the /etc/ssh/ directory.  Use your favorite 
> > editor to edit the sshd_config file.  A line right near the top reads "Port 
> > 22".  Change that to the port you want to use.  Then restart the SSH server 
> > with "service sshd restart".  That should cure it for you - your SSH server 
> > will run on the new port. 
> > 
> > 
> > 
> > Chuck 
> > 
> > 
> > 
> > 
> > ---------- Original Message ----------- 
> > From: Hideki Oride <hideki.oride at gmail.com> 
> > To: blueonyx at blueonyx.it 
> > Sent: Sat, 18 Jul 2009 13:03:40 +0900 
> > Subject: [BlueOnyx:01763] The setting returns to an initial value when the 
> > server is rebooted. 
> > 
> >> HI, Blues. 
> >> 
> >> Are you using the port number of SSH ? 
> >> I want to use number of "909" on SSH. 
> >> So I am setting this number on "Network Service" - "Shell". 
> >> 
> >> But, when I reboot a Server, Port number is back on "22". 
> >> In addition, It is backing a "Personal Profile" - "Account" - 
> >> "Language Preference", too 
> >> 
> >> How in everyone's BO? 
> >> 
> >> I think, the cause of this problem is "constructor". 
> >> I think that constructor rewrites the Config file. 
> >> _______________________________________________ 
> >> Blueonyx mailing list 
> >> Blueonyx at blueonyx.it 
> >> http://www.blueonyx.it/mailman/listinfo/blueonyx 
> > ------- End of Original Message ------- 
------- End of Original Message -------
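
The lock-and-verify steps from Chuck's reply, turned into a drift check (an added example, not part of the original thread): it confirms that sshd_config still carries the intended port and that lsattr reports the immutable bit. The function names are hypothetical, the sample config is constructed, and the path and port 909 are taken from the messages above.

```shell
#!/bin/sh
# Added example: check that a pinned sshd_config has not drifted.
# Function names are hypothetical; they are not BlueOnyx or OpenSSH tools.

# Constructed sample input (not from a real server).
sample_config() {
    printf '%s\n' '#Port 22' 'Port 909' 'Protocol 2' 'PermitRootLogin no'
}

# Print every uncommented Port value (sshd accepts several); default is 22.
configured_ports() {
    awk 'tolower($1) == "port" && $2 != "" { printf "%s%s", sep, $2; sep = " "; n++ }
         END { if (n == 0) printf "22"; print "" }' "$1"
}

# True if one line of lsattr output shows the immutable flag (lowercase i)
# in the attribute field, which is everything before the first space.
is_immutable_line() {
    case "${1%% *}" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# $1 = config file, $2 = wanted port, $3 = lsattr line for that file.
# Returns 0 when pinned, 1 on port drift, 2 when the file is not locked.
check_pinned() {
    ports=$(configured_ports "$1")
    [ "$ports" = "$2" ] || { echo "DRIFT: Port is '$ports', wanted '$2'"; return 1; }
    is_immutable_line "$3" || { echo "UNLOCKED: immutable bit not set on $1"; return 2; }
    echo "OK: $1 pinned to port $2"
}

# Live use (as root, after "chattr +i sshd_config"): sh thisfile --check 909
if [ "${1:-}" = "--check" ]; then
    cfg=/etc/ssh/sshd_config
    check_pinned "$cfg" "${2:-909}" "$(lsattr "$cfg")"
fi
```

Run from cron or at boot, a non-zero exit shows that something rewrote or unlocked the file since it was pinned.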
 