
Thread: Change Port 22

  1. #1
    OfMacAndMen is offline Active Member
    Join Date
    Apr 2007
    Posts
    39
    Rep Power
    8

    Default Change Port 22

    As a security measure we changed the ssh port from 22 to XXXX. When we did this the Zimbra mail server shows this message:

    Message: system failure: exception during auth {RemoteManager: mailserver.xxxxxxx.com->zimbra@mailserver.xxxxxxxx.com:22}
    Error code: service.FAILURE
    Method: ZmCsfeCommand.prototype.invoke
    Details:soap:Receiver

    Can we change the Zimbra setting to our custom setting?

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by OfMacAndMen View Post
    As a security measure we changed the ssh port from 22 to XXXX. When we did this the Zimbra mail server shows this message:
    If you are behind a router and this port isn't open to the outside world, this change doesn't matter. If you're not behind a router and this port is open to the outside world then changing it to another port makes not a blind bit of difference - a port scan of your system will find it in moments. This change adds not one bit of extra security to your system.

    If you really want to change it (really, it's more trouble than it's worth) then search the forums, it's been covered a couple of times.
    Regards


    Bill



  3. #3
    OfMacAndMen is offline Active Member
    Join Date
    Apr 2007
    Posts
    39
    Rep Power
    8

    Default Port 22

    We run over 16 Linux servers. Half had port 22 changed. We monitor the servers' logs very closely. The servers that have port 22 changed have 99% fewer brute force attacks.

  4. #4
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    zmprov ms server.domain.com zimbraRemoteManagementPort xxxx

  5. #5
    OfMacAndMen is offline Active Member
    Join Date
    Apr 2007
    Posts
    39
    Rep Power
    8

    Default Upgrade to 5.0.4

    Does this work in 5.0.4??

  6. #6
    OfMacAndMen is offline Active Member
    Join Date
    Apr 2007
    Posts
    39
    Rep Power
    8

    Default Does this work in 5.0.9

    We are receiving an error on the Server Status page.

  7. #7
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    Substitute your port number in the below instructions:

    1. Check /etc/sshd_config and be sure it's set to 22 (or the port you're using)
    2. stop/start/restart sshd
    Code:
    /etc/init.d/ssh restart
    3. su - zimbra
    4. Be sure zimbra's ssh port is set to 22 (or the port you're using)
    Code:
    zmprov ms server.domain.com zimbraRemoteManagementPort 22
    5. Generate new ssh keys
    Code:
    cd /opt/zimbra/bin/
    ./zmsshkeygen
    6. Deploy the keys
    Code:
    ./zmupdateauthkeys
    To test this, you can run the following command (with 22 or the port you're using):
    Code:
    ssh -vi .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@server.domain.com -p 22
    - Shouldn't prompt you for a password at this point... then check the admin console mail queues area/servers/certificates.
    If you continue to get that error, please see this doc for some more ideas: Mail Queue Monitoring - Zimbra :: Wiki
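
An added example, not part of the post above or of Zimbra's own tooling: a check that the port in sshd's configuration is the same one given to `zimbraRemoteManagementPort`, which is the mismatch behind the error in post #1. The function names, the sample file and the port 22400 used as sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that the port sshd is configured
# to listen on is the one Zimbra will use for zimbraRemoteManagementPort.

# Print each port set by a Port directive in an sshd_config file, one per line.
# Keywords are case-insensitive and may use "=" instead of whitespace; sshd
# listens on 22 when the file has no Port directive at all.
sshd_ports() {
    ports=$(sed -e 's/#.*//' -e 's/=/ /' "$1" |
            awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }')
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Succeed only when the Zimbra port ($2) is numeric and sshd listens on it.
ports_match() {
    case $2 in ''|*[!0-9]*) return 2 ;; esac
    sshd_ports "$1" | grep -qxF -- "$2"
}

# Constructed sample: sshd moved to 22400, old default left commented out.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
#Port 22
port 22400
PermitRootLogin no
EOF

# On a Zimbra host the second argument would come from the server attribute,
# e.g. (as the zimbra user; output layout "name: value" is assumed here):
#   zmprov gs server.domain.com zimbraRemoteManagementPort
for zimbra_port in 22 22400; do
    if ports_match "$SAMPLE_CONF" "$zimbra_port"; then
        echo "zimbraRemoteManagementPort=$zimbra_port: matches sshd"
    else
        echo "zimbraRemoteManagementPort=$zimbra_port: sshd is not on this port"
    fi
done
```

Running the check before regenerating and deploying keys separates a plain port mismatch from a key problem.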

  8. #8
    Dirk is offline Moderator
    Join Date
    May 2006
    Location
    England.
    Posts
    927
    Rep Power
    9

    Default

    When I first read this, I thought it was about port 25, SMTP, but then I noticed it was actually about SSH.

    Opening SSH to the world on any port is a 'bad idea'.
    If you need SSH access, go via a VPN. At the very least use a router to permit SSH access only for traffic originating from pre-specified IP addresses.

  9. #9
    flums is offline Trained Alumni
    Join Date
    Mar 2007
    Location
    Oslo, Norway
    Posts
    123
    Rep Power
    8

    Default

    Quote Originally Posted by phoenix View Post
    If you are behind a router and this port isn't open to the outside world, this change doesn't matter. If you're not behind a router and this port is open to the outside world then changing it to another port makes not a blind bit of difference - a port scan of your system will find it in moments. This change adds not one bit of extra security to your system.

    If you really want to change it (really, it's more trouble than it's worth) then search the forums, it's been covered a couple of times.
    This is somewhat dumb to say. As others here have said, brute force attempts go down 99-100% when changing the ssh port from 22 to 22400 (as I do). Logs are one mile long, which you don't want when ssh is at port 22.
