On Thu, 2007-09-20 at 10:00 -0400, Gerry Reno wrote:
> I looked through the howto's and did not see anything showing how to put
> ssh on an alternate port.
You can have SSH as a service on the director if you configure it to
listen on the DIP only.
man sshd_config
...
    ListenAddress
        Specifies the local addresses sshd should listen on. The following
        forms may be used:

            ListenAddress host|IPv4_addr|IPv6_addr
            ListenAddress host|IPv4_addr:port
            ListenAddress [host|IPv6_addr]:port

        If port is not specified, sshd will listen on the address and all
        prior Port options specified. The default is to listen on all
        local addresses. Multiple ListenAddress options are permitted.
        Additionally, any Port options must precede this option for non
        port qualified addresses.
...
If you ensure that the director doesn't bind its SSH server to any
VIPs, you can then have a virtual server on the VIP listening to port
22, forwarding to the realservers as appropriate.
I would, however, counsel against having SSH listening on the external
interface of the director. I try as much as possible to make sure
they're only contactable from "inside", or from a management LAN which
reaches the "inside" interface.
Graeme
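
An added example, not part of the original message: a check that works out which address/port pairs sshd would bind from an sshd_config, following the ListenAddress/Port rules quoted above, and reports any that would claim port 22 on a VIP. The addresses (DIP 192.168.1.1, VIP 203.0.113.10) and function names are constructed for illustration; it assumes whitespace-separated keywords and does not resolve hostnames.

```python
WILDCARDS = {"0.0.0.0", "::"}

def parse_listen(value):
    """Split a ListenAddress value into (address, port or None)."""
    if value.startswith("["):                      # [host|IPv6_addr]:port
        addr, _, rest = value[1:].partition("]")
        return addr, int(rest[1:]) if rest.startswith(":") else None
    if value.count(":") == 1:                      # host|IPv4_addr:port
        addr, port = value.split(":")
        return addr, int(port)
    return value, None                             # bare host, IPv4 or IPv6

def effective_binds(config_text):
    """Return the set of (address, port) pairs sshd would listen on."""
    ports, binds, saw_listen = [], set(), False
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "port":
            ports.append(int(value))
        elif key == "listenaddress":
            saw_listen = True
            addr, port = parse_listen(value)
            # No port given: the address takes all *prior* Port options
            # (assumed to fall back to 22 when none precede it).
            for p in ([port] if port else (ports or [22])):
                binds.add((addr, p))
    if not saw_listen:                             # default: all local addresses
        binds = {(w, p) for w in WILDCARDS for p in (ports or [22])}
    return binds

def vip_conflicts(binds, vips, service_port=22):
    """Binds that would claim service_port on a VIP (directly or by wildcard)."""
    return sorted(b for b in binds
                  if b[1] == service_port and (b[0] in WILDCARDS or b[0] in vips))

# Constructed sample configs: the default, and the DIP-only form.
DEFAULT_CONFIG = "Port 22\n# ListenAddress left at its default\n"
DIP_ONLY_CONFIG = "Port 22\nListenAddress 192.168.1.1\n"

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("DIP only", DIP_ONLY_CONFIG)):
        print(name, vip_conflicts(effective_binds(cfg), {"203.0.113.10"}))
```

An empty list for the DIP-only config means port 22 on the VIP is free for the virtual server; the default config reports both wildcard binds.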