  #1 (permalink)  
Old 09-30-2007, 08:22 PM
Active Member
 
Posts: 39
Default Change Port 22

As a security measure we changed the ssh port from 22 to XXXX. When we did this the Zimbra mail server showed this message:

Message: system failure: exception during auth {RemoteManager: mailserver.xxxxxxx.com->zimbra@mailserver.xxxxxxxx.com:22}
Error code: service.FAILURE
Method: ZmCsfeCommand.prototype.invoke
Details:soap:Receiver

Can we change the Zimbra setting to our custom setting?
Reply With Quote
  #2 (permalink)  
Old 10-01-2007, 12:28 AM
Zimbra Consultant & Moderator
 
Posts: 19,581
Default

Quote:
Originally Posted by OfMacAndMen View Post
As a security measure we changed the ssh port from 22 to XXXX. When we did this the Zimbra mail server showed this message:
If you are behind a router and this port isn't open to the outside world, this change doesn't matter. If you're not behind a router and this port is open to the outside world then changing it to another port makes not a blind bit of difference - a port scan of your system will find it in moments. This change adds not one bit of extra security to your system.

If you really want to change it (really, it's more trouble than it's worth) then search the forums, it's been covered a couple of times.
__________________
Regards


Bill
Reply With Quote
  #3 (permalink)  
Old 10-01-2007, 07:30 AM
Active Member
 
Posts: 39
Default Port 22

We run over 16 Linux servers. Half had port 22 changed. We monitor the servers' logs very closely. The servers that have the port 22 changed have 99% fewer brute force attacks.
Reply With Quote
  #4 (permalink)  
Old 10-01-2007, 05:06 PM
Moderator
 
Posts: 6,236
Default

zmprov ms server.domain.com zimbraRemoteManagementPort xxxx
Reply With Quote
  #5 (permalink)  
Old 04-07-2008, 01:30 AM
Active Member
 
Posts: 39
Default Upgrade to 5.0.4

Does this work in 5.0.4??
Reply With Quote
  #6 (permalink)  
Old 09-21-2008, 08:24 AM
Active Member
 
Posts: 39
Default Does this work in 5.0.9

We are receiving an error on the Server Status page.
Reply With Quote
  #7 (permalink)  
Old 09-21-2008, 10:59 AM
Moderator
 
Posts: 6,236
Default

Substitute your port number in the below instructions:

1. Check /etc/sshd_config and be sure it's set to 22 (or the port you're using)
2. stop/start/restart sshd
Code:
/etc/init.d/ssh restart
3. su - zimbra
4. Be sure zimbra's ssh port is set to 22 (or the port you're using)
Code:
zmprov ms server.domain.com zimbraRemoteManagementPort 22
5. Generate new ssh keys
Code:
cd /opt/zimbra/bin/
./zmsshkeygen
6. Deploy the keys
Code:
./zmupdateauthkeys
To test this, you can run the following command:
Quote:
ssh -vi .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@server.domain.com -p 22 (or the port you're using)
-Shouldn't prompt you for a password at this point...then check the admin console mail queues area/servers/certificates.
If you continue to get that error please see this doc for some more ideas: Mail Queue Monitoring - Zimbra :: Wiki
Reply With Quote
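A consistency check for the mismatch behind the RemoteManager error in this thread, as an added example that is not part of the original posts: it compares the port(s) set in an sshd_config with the value of zimbraRemoteManagementPort. The function names and the sample input are constructed here, and the `zmprov gs` output layout is an assumption.

```shell
#!/bin/sh
# Added example: confirm sshd and Zimbra agree on the SSH port.

# Print every port an sshd_config sets, one per line. Keywords are
# matched case-insensitively, "Port" may repeat, "Port=NNNN" is also
# tolerated, and 22 is printed when no Port line is present (sshd default).
sshd_ports() {
    awk '
        {
            sub(/^[ \t]+/, "")
            if ($0 ~ /^#/ || $0 == "") next
            n = split($0, f, /[ \t=]+/)
            if (tolower(f[1]) == "port" && n >= 2) { print f[2]; found = 1 }
        }
        END { if (!found) print 22 }
    ' "$1"
}

# Read `zmprov gs <server> zimbraRemoteManagementPort` output on stdin
# and print the port (assumes the usual "attribute: value" layout).
zimbra_port() {
    sed -n 's/^zimbraRemoteManagementPort:[ ]*\([0-9][0-9]*\).*$/\1/p'
}

# Succeed only if Zimbra's port ($2) is one sshd ($1 = config) listens on.
ports_agree() {
    sshd_ports "$1" | grep -qxF -- "$2"
}

# --- Constructed sample input, not taken from a real server ---
sample_cfg=$(mktemp)
trap 'rm -f "$sample_cfg"' EXIT
cat > "$sample_cfg" <<'EOF'
Protocol 2
#Port 22
Port 22400
EOF
sample_zmprov='# name server.domain.com
zimbraRemoteManagementPort: 22'

zport=$(printf '%s\n' "$sample_zmprov" | zimbra_port)
if ports_agree "$sample_cfg" "$zport"; then
    echo "OK: sshd and Zimbra both use port $zport"
else
    echo "MISMATCH: Zimbra uses $zport, sshd uses $(sshd_ports "$sample_cfg" | tr '\n' ' ')"
fi
```

On a live server, pipe `zmprov gs server.domain.com zimbraRemoteManagementPort` into `zimbra_port` as the zimbra user and pass the path of your sshd_config to `ports_agree`.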
  #8 (permalink)  
Old 09-22-2008, 04:36 AM
Moderator
 
Posts: 927
Default

When I first read this, I thought it was about port 25, SMTP, but then I noticed it was actually about SSH.

Opening SSH to the world on any port is a 'bad idea'.
If you need SSH access, go via a VPN. At the very least use a router to permit SSH access only for traffic originating from pre-specified IP addresses.
Reply With Quote
  #9 (permalink)  
Old 09-22-2008, 07:56 AM
Trained Alumni
 
Posts: 123
Default

Quote:
Originally Posted by phoenix View Post
If you are behind a router and this port isn't open to the outside world, this change doesn't matter. If you're not behind a router and this port is open to the outside world then changing it to another port makes not a blind bit of difference - a port scan of your system will find it in moments. This change adds not one bit of extra security to your system.

If you really want to change it (really, it's more trouble than it's worth) then search the forums, it's been covered a couple of times.
This is somewhat dumb to say. As others here have said, brute force attempts go down 99-100% when changing the ssh port from 22 to 22400 (as I do). Logs are one mile long, which you don't want when ssh is at port 22.
Reply With Quote