Unable to ssh on alternative port
Mac Mini, OS X Server 10.11.6, CommuniGate Pro, and almost no other stock OS X Server services.
The server owner recently ended up on a network that blocks the ports for VPN and SSH connections, so we are trying to set up the server to allow an SSH tunnel through a SOCKS proxy on port 443, which is almost always open. (We have no plans to run web services via this port on this server.)
Research indicates that this should be a two-step process: (1) edit /Library/Server/Web/Config/Proxy/apache_serviceproxy.conf to remove the web listeners on ports 80 and 443; (2) edit /etc/ssh/ssh_config to add an SSH listener on port 443. Then restart.
After that, HTTP services are off on 80 and 443, but I can't connect to SSH on port 443. It still works very well over 22. Nmapping the server indicates that there is nothing open on port 443. Is there anything else I need to do to open this?
A user on Stack Exchange responded to this question. Works like a charm.
http://Apple.StackExchange.com/questions/253332/unable-to-SSH-to-OS-x-server-Over-replacement-port
-
Unable to SSH to Cisco CSM server
Hello all,
I'm trying to SSH to a new Cisco CSM server.
The ACL that allows SSH shows its hit count incrementing, but when I try to SSH it gives a connection refused error.
Do I have to open the SSH port on the CSM server?
If so, can someone please let me know how to do it?
Regards,
Mahesh
As mentioned in the firewall forum...
The CSM server itself doesn't have an SSH daemon up to serve these requests, unless you added some other 3rd party software. It's just a Windows Server that runs an application (CSM).
CSM uses HTTPS for the client software (Java applications) to communicate with it.
-
[nQSError: 12008] unable to connect to the port 9706 on machine
OBIEE 11.1.1.6.7 was working very well. I just re-uploaded the repository after making a few changes such as the user/password and the connection string name. After that, I restarted all services and now I am getting the following error:
[OBIEE@OBIEEUAT bin]$ ./opmnctl startall
opmnctl startall: starting opmn and all managed processes...
================================================================================
opmn id = OBIEEUAT:9501
Response: 0 of 1 processes started.
ias-instance id=instance1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
--------------------------------------------------------------------------------
ias-component/process-type/process-set:
coreapplication_obis1/OracleBIServerComponent/coreapplication_obis1/
Error
--> Process (index=1,uid=471344379,pid=12829)
failed to start a managed process after the maximum retry limit
Log:
/OBIEE/Oracle/middleware/instances/Instance1/Diagnostics/logs/OracleBIServerComponent/coreapplication_obis1/console~coreapplication_obis1~1.log
[2014-02-10T21:39:46.000+02:00] [OBIPS] [ERROR:31] [] [saw.connectionPool.getConnection] [ecid:] [tid:] connection to the Oracle BI server error: could not connect to the Oracle BI server because it is not running or is inaccessible. Please contact your system administrator.
ODBC driver returned an error (SQLDriverConnectW).
State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error occurred.
[nQSError: 12002] Communication to the socket call = Connect error: (number = 107) Transport endpoint is not connected
[nQSError: 12010] Communication connection to the remote end point error: address = OBIEEUAT; port = 9706.
[nQSError: 12008] Unable to connect to the port 9706 on machine OBIEEUAT. (HY000) [[
File: Connection.cpp
Line: 413
Location:
- saw.connectionPool.getConnection
- Saw.Security.odbcuserpopulationimpl.getbisystemconnection
- Saw.Security.odbcuserpopulationimpl.searchidentities
- Saw.Security.userpopulationmanagerimpl.getaccountdetailsbyid
- Saw.Security.handleguids
- Saw.Catalog.aclsearchhandler.handleacliniteminfo
- Saw.Catalog.scrubacls.Scrub
- Saw.Security.securityimpl.Initialize
- saw.catalog.local.loadCatalog
- Saw.Subsystems.catalogbootstrapper.loadcatalog
- Saw.webextensionbase.init
- Saw.sawserver
ECID:
]]
Any idea how to solve this problem?
Note: Earlier it was working fine. I got this error after downloading the update of the RPD.
Regards,
Park
There was a problem with the RPD username/password, so I downloaded the RPD with the correct password again. Now it works like a charm.
-
Cisco Pix Firewall SSH listening on port 2022
Hello
Is it possible to tell the PIX to listen on port 2022 for SSH?
My ISP blocked port 22.
Kind regards
Edwin Gerritsen
Well thought out, but unfortunately this will not work. The only way we could do something like this would be to use a device (such as an IOS router) upstream to do the port translation (similar to the idea above). Hit the upstream device on port 2022 and have this device translate the destination port to 22 and send it down to the PIX.
There is no mechanism to change the listening port for SSH on the PIX.
Scott
-
Unable to create the virtual Bluetooth COM port
Hi all
I installed the Bluetooth stack from Toshiba and it seems OK. But BT doesn't work. I see all the drivers installed, system devices, etc. No Toshiba BT port can be seen. Local COM ports show only the modem port. I try to create a virtual port but get the message "cannot create a virtual Bluetooth port". I have a Satellite M100-145. Can anyone help with this?
THX
To use BT, you must first activate the device. First switch on WLAN using the WLAN antenna on/off switch. After that, use the key combination FN + F8 to activate the BT device correctly.
Please try this and let us know if the problem persists.
-
Users unable to SSH to UCS Manager
I have LDAP users who are not able to SSH into UCS Manager even though they can connect through the GUI. But locally defined users are able to get in through both the GUI and SSH.
Are users who authenticate to UCS Manager via LDAP able to connect via SSH as well?
Thank you.
Hello Bruce,
Are you adding the "ucs-" domain name?
For example, for access via SSH:
# Linux terminal
ssh ucs-------@.
ssh -l ucs-------.
# From the PuTTY client
Login as: ucs-------.
And the domain name is case-sensitive.
HTH
Padma
-
Unable to SSH/telnet through the remote access VPN to ASA interface
Hi all - I'm trying to SSH/telnet to my ASA through my remote access VPN tunnel but can't get this to work. What am I missing?
Remote access VPN subnet: 192.168.25.0
LAN subnet: 192.168.1.0
Config is attached. Thx.
Please enter the command
management-access inside
and you will be able to telnet/SSH to the ASA on this IP: 192.168.1.253
-
Unable to SSH from outside to the 2851 router
Hello
I want to SSH to the external interface of our 2851 router.
SSH works fine on the internal interfaces.
I have set up the access ACLs (one applied to the vty line and one to the external interface).
The configuration looks like the following:
line vty 0 4
 access-class 102 in
 logout-warning 30
 length 0
 transport input ssh
access-list 102 permit tcp any gt 1024 any eq 22
ip access-list extended Outside_ACL
 permit tcp any gt 1024 any eq 22 log
Is there anything else that I should consider when setting up SSH on the external interface?
TIA,
Michael
Michael
I notice that there is a crypto map on the interface (I would have assumed from your previous comment that you access the router via VPN) and I wonder if it is possible that SSH coming in from your remote address is being treated as traffic for the crypto map VPN. Could you try SSH to the external address from some other source address and see if that changes things?
Or can you provide details on what is in the crypto map - and perhaps think about putting something in the crypto map that would exclude SSH to the external interface.
HTH
Rick
-
We configured NLB (active/active) on two ASAs. After connecting with the Cisco VPN client, we can only SSH to the ASA that we are connected to and we can't SSH to the other ASA. For example, if we connect to ASA1, we can only SSH to ASA1 and we can't SSH to ASA2. The same is true if we connect to ASA2: we can only SSH to ASA2 and we can't SSH to ASA1. Is it possible to set this up so that we can SSH to either ASA regardless of which ASA we are connected to?
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh version 2
management-access inside
Thank you.
Diane
Diane,
The difference, you see, is that the ASA is a firewall first and a VPN product second. VPN concentrators just do VPN and don't worry about routing, switching, or firewalls. In many people's estimation this is not a good thing, because it increases the attack surface of the ASA. However, Cisco has allowed ASA management this way: you are doing a reverse-tunnel hairpin to manage the ASA. It adapts well to the other ASA and wasn't really intended to do so. From a security point of view, the best solution is a management server.
To configure the management server, you just need a Windows/Linux/Apple (whatever you are comfortable with) machine, configured to allow remote sessions. You can do it on the Windows platform with VNC or Remote Desktop; if you use Linux or Apple, both have solutions. Once you have your platform, just install a terminal emulator such as PuTTY or SecureCRT and you will have access to your systems. If you use ASDM to configure your ASA you just need a supported web browser on the management server, and then open a connection to your ASAs.
Doing it this way gives you the following:
1.) Limited access, because people will need to have an account on the management server to access the administration tools.
2.) Accountability, since the event log on the management server will show who logged in and when. You can even go so far as to install controls on what a person can access.
3.) Limited attack surface. Once you have configured your management workstation, configure an ACL on your ASAs that limits any SSH, HTTPS, etc. connection to the management station. With that done, you only have to worry about who has access to this workstation.
I hope this helps. I didn't want to flood you, but wanted to give you the reason behind going in this direction over the method used by the VPN concentrators. Let me know if you have any other questions.
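An added example, not part of the reply above and not Cisco tooling: a Python check that reads ASA management-access lines such as the `ssh 0.0.0.0 0.0.0.0 inside` quoted in the question and flags every entry that admits sources other than the management station, as point 3 recommends. The sample configuration and the 192.168.1.50 management address are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of ASA management-access lines (not from a real device).
SAMPLE_CONFIG = """\
ssh 0.0.0.0 0.0.0.0 inside
ssh 192.168.1.50 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 inside
telnet 192.168.1.77 255.255.255.255 inside
ssh timeout 5
ssh version 2
"""

# Matches "<service> <network> <netmask> <interface>" access lines only;
# settings such as "ssh timeout 5" do not match.
ACCESS_LINE = re.compile(
    r"^(ssh|http|telnet)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$",
    re.IGNORECASE,
)


def audit_mgmt_access(config_text, mgmt_hosts):
    """Return (line, reason) pairs for management-access lines that admit
    any source other than the approved management hosts."""
    allowed = {ipaddress.ip_address(h) for h in mgmt_hosts}
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        match = ACCESS_LINE.match(line)
        if not match:
            continue
        _service, net, mask, _iface = match.groups()
        try:
            network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        except ValueError:
            findings.append((line, "unparseable network or mask"))
            continue
        if network.num_addresses != 1:
            findings.append((line, f"source range {network} is wider than one host"))
        elif network.network_address not in allowed:
            findings.append(
                (line, f"{network.network_address} is not an approved management host")
            )
    return findings


if __name__ == "__main__":
    for line, reason in audit_mgmt_access(SAMPLE_CONFIG, ["192.168.1.50"]):
        print(f"{line!r}: {reason}")
```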
-
Unable to SSH to the source machine
I get an "ssh connection refused" error while trying to perform a Linux P2V with the SDK. I checked that SSH is running on the source machine and that root is in the AllowUsers for SSHD. I'm starting to believe that this error may be with something other than SSH? Any ideas would be wonderful.
Thank you!
C:\_cd\sdk\samples\DotNet\cs\SubmitWinP2VJob\bin\Debug>ConverterSamples.exe craig vm.properties
SoapException caught -
Actor:
Code: ServerFaultCode
Detail XML: <><InvalidArgumentFault xmlns="urn:Converter" xsi:type="vim25:InvalidArgument" xmlns:vim25="urn:vim25" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><vim25:faultCause><vim25:fault xsi:type="ConverterSysinfoQueryConnRefusedFault"><description>[converter Agent SysinfoQuery] ssh connection was refused</description></vim25:fault><vim25:localizedMessage>Unable to SSH to the source machine. Make sure that the SSH daemon is running on the source machine.</vim25:localizedMessage></vim25:faultCause></InvalidArgumentFault></details>
ERROR: Unable to submit the P2V conversion job.
Yes, if the UI works, then the environment is OK. There is something wrong in the source computer location structure that you created.
-
Hi all
I've been setting up vSphere 5 in my test environment and I ran into a problem with the "vSphere Management Assistant (vMA) - 5.0.0.0 build 472630". I have set it up with a static IP address, and I can connect to the console very well. When I try to SSH to the IP using PuTTY, I get the error 'server unexpectedly closed network connection'. SSH worked out of the box with the vMA 4.x series. I tried a few things, even redeploying the VA, but SSH still doesn't work. All other functions I've tried work fine in the vMA, i.e. adding servers and hosts, joining domains etc.
I'm at a bit of a loss as to why it does not just work. I can SSH to the old vMA 4.0 very well, so I don't think that it's a network problem, and the SSHD service is running.
Thank you
Matt Nichols
I have the same problem. But I found the reason. You need to fix the /etc/hosts.allow file by adding the line
sshd: ALL: ALLOW
-
Unable to ssh to the host after 4.1 update
Since we upgraded our hosts to 4.1, the local user that had been created with the "To grant access to the shell" permission, so that we do not have to enable SSH root access, has stopped working.
Does anyone know what could cause this?
Take a look at this thread:
http://communities.VMware.com/thread/275973
André
-
Unable to give a different port in the shared server environment
Dear friends,
I changed my database (Oracle 11g R2 EE) to a shared server environment. I set the dispatchers, shared_servers, etc. parameters. If my listener is listening on port 1521 (the default port), then I can connect to the database using a shared server connection. This connection works fine.
But if I change the listening port from the default port (say to 1551), then I can't connect to the database using the shared server connection. But I can connect using a dedicated connection on port 1551.
I gave the dispatcher parameter like below:
DISPATCHERS="(ADDRESS=(PROTOCOL=tcp)(HOST=xx.xx.xx.xx)(PORT=1551))(DISPATCHERS=1)"
When connecting it throws the error 'ORA-12523: TNS:listener could not find instance appropriate for the client connection'.
Please help me solve this problem.
Hi user;
It's forbidden to share Metalink notes instead of publication due to the policy of interoperability of. But I found the same note on the net :) so I think I can share :)
http://www.DBA-village.com/village/dvp_forum.OpenThread?ThreadIdA=16026
Regards,
HELIOS
-
How to activate/connect with SSH?
The Beta3 release notes say there is a new feature: 'Secure connection: you can now connect to the tablet using Secure Shell (SSH) and download files from your application using SCP and SFTP.'
The simulator is not listening on port 22 (the SSH standard) or any other port for SSH connections, with or without development mode active, in a vanilla installation.
I found the blackberry-connect program in the SDK bin folder and tried this after creating an RSA2 key:
c:\>blackberry-connect -targetHost 192.168.7.172 -devicePassword x
PROGRESS: Connecting to target 192.168.7.172:4455
PROGRESS: Authenticating with target 192.168.7.172:4455
PROGRESS: Encryption parameters verified
PROGRESS: Authenticating with target credentials.
PROGRESS: Successfully authenticated with target credentials.
PROGRESS: Sending ssh key to target 192.168.7.172:4455
Connection refused: Invalid ssh key contents. The target actively refused the connection. Please ensure that qconnDoor is running on the target.
PROGRESS: Unable to send ssh key to target
The file .ssh/id_rsa.pub was generated as an SSH-1 key using PuTTYgen. I also tried an SSH-2 RSA file with the same results.
The fact that it said it "successfully authenticated" suggests it successfully connected... probably using port 443 (https) the way I guess blackberry-deploy does. However, after that it seems to say my key is not valid (not sure I believe that), but also that the target actively "refused the connection" (which I think means... qconn is not listening on port 8000 or whatever).
Anyone have knowledge of this area, or a wild guess I can try?
OK, I am able to connect through SSH. It's a little complicated at the moment but I'll simplify and post a recipe as soon as I can.
For anyone technical enough to follow with minimal intervention:
- I generated a 4096-bit RSA key using 'ssh-keygen -b 4096' on a Linux machine, saving it as 'test_rsa' and 'test_rsa.pub'.
- I transferred those to my Windows box.
- I called "blackberry-connect -targetHost PCMGM -devicePassword x -sshPublicKey test_rsa.pub".
This operation transfers the public key to the device by connecting through qconn (port 4455) using unknown protocols. The output looks like this:
PROGRESS: Connecting to target 192.168.7.172:4455
PROGRESS: Authenticating with target 192.168.7.172:4455
PROGRESS: Encryption parameters verified
PROGRESS: Authenticating with target credentials.
PROGRESS: Successfully authenticated with target credentials.
PROGRESS: Sending ssh key to target 192.168.7.172:4455
PROGRESS: ssh key successfully transfered.
PROGRESS: Succesfully Connected
The blackberry-connect program continues to run, and as long as it is running the simulator will be listening for SSH connections on port 22.
At this point, I had to take the test_rsa (the private key) file and import it into PuTTYgen using the Conversions -> Import menu button. Save the private key, and load the key into Pageant.
Finally, connect normally using PuTTY to the address PCMGM and sign in as "devuser". This was discovered by looking in the /accounts folder using a primitive file browser application, where I found two subfolders, 1000/ and devuser.