Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com

Latest LowEndBox Offers

    Dropbear on 2 ports?
    New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

    Dropbear on 2 ports?

    KuJoeKuJoe Member, Provider
    edited July 2011 in Help

    I'm posting this for drmike who is unavailable right now.

    So does anybody know anything about running dropbear on 2 ports? I'm guessing this can be done with iptables or maybe even stunnel by forwarding the second port to the main one?

    -Joe @ SecureDragon - LEB's Powered by Wyvern in FL, CO, CA, IL, NJ, GA, OR, TX, and AZ
    Need backup space? Check out BackupDragon

    Comments

    • LowEndAdminLowEndAdmin Member
      edited July 2011

      Depending on how you usually run Dropbear. What I normally do is to use xinetd and then run dropbear using the inet mode. For example using this file under /etc/xinet.d/dropbear

      service ssh
      {
          type            = UNLISTED
          socket_type     = stream
          port            = 22
          only_from       = 0.0.0.0
          wait            = no
          user            = root
          protocol        = tcp
          server          = /usr/sbin/dropbear
          server_args     = -i
          disable         = no
      }
      

      To use dropbear on a different port, I would

      • Copy that file to another file in the same directory, for example dropbear12345
      • Change the port to something else, for example port = 12345
      • Restart xinetd to reload the settings.

      xinetd would then bind to both ports, and serve dropbear -i from either of them.

      Thanked by 1Xeoncross

      Blog at LowEndBox.com.

    • drmikedrmike Member
      edited July 2011

      Thanks

      Not different port but 2 ports please.

      edit: We discussed this on the old site but there the discussion was for a change or port numbers as well.

    • drmike said: Not different port but 2 ports please

      That's exactly what I was trying to demonstrate. You ended up having multiple "sshxxxx" files inside your xinetd.d directory with different port = xxxx lines. When xinetd starts it reads all of them and binds all those ports, where all of them would invoke dropbear.

      Blog at LowEndBox.com.

    • I use the init daemon on my servers and use this to add extra ports to my server :P

      sed -i -e 's/-p "$DROPBEAR_PORT" -W/-p "$DROPBEAR_PORT" -p 110 -W/g' /etc/init.d/dropbear
      Replace 110 with the port you wish to use :P

    • dannixdannix Member

      dropbear has an option '-p' for specifying port on which it should listen. It allows for multiple '-p' options (up to 10). It looks like there is no way to specify multiple ports like -p 22,222.

      In debian the configuration can be done via /etc/default/dropbear. There you can specify one port by

      DROPBEAR_PORT=22

      The additional ports you can be specified by

      DROPBEAR_EXTRA_ARGS="-p 100 -p 200 -p 300"
    • efballefball Member

      I don't need dropbear on two ports, but I want it on IPv4 & IPv6, and it's only working on IPv4. The changelog says IPv6 support was added in 2005, but the man page doesn't mention it.

    • @ efball
      I have dropbear on 2 vpses . 1st one is Debian Lenny (dropbear V0.51). out of the box it supports IPv6 and works like a charm.

      2nd one is Debian Squeeze.(dropbear V0.52). in this vps , everything else support ipv6 except dropbear. for supporting ipv6 , i used 6tunnel ,this program forward ipv6 traffic to ipv4. I couldn't find dropbear problem in this vps.

    • efballefball Member
      edited July 2011

      I'm using Debian squeeze with dropbear 0.52-5.
      netstat shows dropbear on IPv4 only, no errors anywhere.
      Sound like a bug.

    • mrm2005mrm2005 Member
      edited July 2011

      I think dropbear can't detect ipv6 in new kernels.
      On Debian Lenny , when you run "lsmod " command , you see "ipv6" kernel module in the list , but in Debian Squeeze you don't, so dropbear thinks that your kernel doesn't support ipv6, but it does.

    • efballefball Member
      edited July 2011

      I got the src for dropbear and it doesn't appear to look for an ipv6 module, and on an openvz vps lsmod doesn't work anyway - so that wouldn't work in Lenny.

      I found this bug report: https://bugs.launchpad.net/ubuntu/+source/dropbear/+bug/468020
      Ubuntu ipv6 also broke when they went from .51 to .52

      Also there is a patch posted here:
      https://lists.openwrt.org/pipermail/openwrt-devel/2009-May/004299.html
      It's from two years ago, and they say they submitted it to dropbear, but it's not in 0.52

      0.53-1 of dropbear doesn't have the patch either.

      Thanked by 1mrm2005
    • Thanks for the info.

      I usually don't compile the sources , so i have to use packages in Debian Repositories (also backports).
      BTW , Both of my vpses are Xen PV. in Squeeze lsmod doesn't show ipv6 module, but there is no problem with ipv6.

    Sign In or Register to comment.