can somebody please tell me where to find the ssh configuration file?
thank you very much!
Topic: SSH configuration file?
The content of this topic has been archived on 11 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.
Page 1 of 1
/etc/config/dropbear
thank you very much for your reply.
now that i know that dropbear is used, i also googled for it, but i can't find an answer to my question:
how to bind dropbear to a specific ip? (192.168.1.1)
hi,
dropbear itself doesn't use a config file, run "dropbear -h" for the commandline option.
but the startup-script (/etc/init.d/dropbear) use the configfile /etc/config/dropbear.
and there are two options passwordauth, and port.
and it seems like you can use the port option, because there you can specify the address too. ( -p [address:]port )
so
option Port '192.168.1.1:22'
should work.
if it does not, you should try starting it from the command line, and adapt the startupscript.
if nothing works, you can restrict the access with firewallrules, or you can install openssh-server if you need a fullfeatured ssh-server.
thanks for your reply,
i've put it in the config file and restarted the dropbear service - now i even can't connect from local lan, meaning something went wrong / configuring this by config file doesn't work...
seems like somebody only did half things ):
will use the emergeny telne tserver or reflash by tftp and then try modding the parameters.
i just can't understand why the ssh server by default is reachable from everywhere ):
the ssh-server is not available from everywhere, only from the lan-side.
per default all inboundtraffic from the wanside is blocked by the firewall. you have to open port 22 if you want to reach the sshserver from the wanside.
it is maybe confusing, that the sshserver is reachable on the wanip from the lanside, but the firewall blocks traffic coming to a specific interface (wan-interface) and not a special ipaddress (would be difficult if you have a dynamic wan-ip). It is important on which interface the package arrives the router, and not to which address it should go. if it comes to the lan-interface of the router it is accepted, if it enters on the wanside it is blocked per default.
so per default the sshserver is only available from the lanside (through the lan-interface) on all router-ipaddresses (also on the wan-ip) but not on the wan-interface!
(Last edited by eleon216 on 9 Feb 2008, 21:56)
oh well, then that's my fault, tried it with the wan ip (from the landside) and it was reachable...
thanks for the hint!
The discussion might have continued from here.
Page 1 of 1