Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Subscribe to our newsletter

Advertise on LowEndTalk.com
Dropbear on 2 ports?
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Dropbear on 2 ports?

KuJoeKuJoe Member, Provider
edited July 2011 in Help

I'm posting this for drmike who is unavailable right now.

So does anybody know anything about running dropbear on 2 ports? I'm guessing this can be done with iptables or maybe even stunnel by forwarding the second port to the main one?

-Joe @ SecureDragon - LEB's Powered by Wyvern in FL, CO, CA, IL, NJ, GA, OR, TX, and AZ
Need backup space? Check out BackupDragon

Comments

  • LowEndAdminLowEndAdmin Member
    edited July 2011

    Depending on how you usually run Dropbear. What I normally do is to use xinetd and then run dropbear using the inet mode. For example using this file under /etc/xinet.d/dropbear

    service ssh
    {
        type            = UNLISTED
        socket_type     = stream
        port            = 22
        only_from       = 0.0.0.0
        wait            = no
        user            = root
        protocol        = tcp
        server          = /usr/sbin/dropbear
        server_args     = -i
        disable         = no
    }
    

    To use dropbear on a different port, I would

    • Copy that file to another file in the same directory, for example dropbear12345
    • Change the port to something else, for example port = 12345
    • Restart xinetd to reload the settings.

    xinetd would then bind to both ports, and serve dropbear -i from either of them.

    Thanked by 1Xeoncross

    Blog at LowEndBox.com.

  • drmikedrmike Member
    edited July 2011

    Thanks

    Not different port but 2 ports please.

    edit: We discussed this on the old site but there the discussion was for a change or port numbers as well.

  • drmike said: Not different port but 2 ports please

    That's exactly what I was trying to demonstrate. You ended up having multiple "sshxxxx" files inside your xinetd.d directory with different port = xxxx lines. When xinetd starts it reads all of them and binds all those ports, where all of them would invoke dropbear.

    Blog at LowEndBox.com.

  • I use the init daemon on my servers and use this to add extra ports to my server :P

    sed -i -e 's/-p "$DROPBEAR_PORT" -W/-p "$DROPBEAR_PORT" -p 110 -W/g' /etc/init.d/dropbear
    Replace 110 with the port you wish to use :P

  • dannixdannix Member

    dropbear has an option '-p' for specifying port on which it should listen. It allows for multiple '-p' options (up to 10). It looks like there is no way to specify multiple ports like -p 22,222.

    In debian the configuration can be done via /etc/default/dropbear. There you can specify one port by

    DROPBEAR_PORT=22

    The additional ports you can be specified by

    DROPBEAR_EXTRA_ARGS="-p 100 -p 200 -p 300"
  • efballefball Member

    I don't need dropbear on two ports, but I want it on IPv4 & IPv6, and it's only working on IPv4. The changelog says IPv6 support was added in 2005, but the man page doesn't mention it.

  • @ efball
    I have dropbear on 2 vpses . 1st one is Debian Lenny (dropbear V0.51). out of the box it supports IPv6 and works like a charm.

    2nd one is Debian Squeeze.(dropbear V0.52). in this vps , everything else support ipv6 except dropbear. for supporting ipv6 , i used 6tunnel ,this program forward ipv6 traffic to ipv4. I couldn't find dropbear problem in this vps.

  • efballefball Member
    edited July 2011

    I'm using Debian squeeze with dropbear 0.52-5.
    netstat shows dropbear on IPv4 only, no errors anywhere.
    Sound like a bug.

  • mrm2005mrm2005 Member
    edited July 2011

    I think dropbear can't detect ipv6 in new kernels.
    On Debian Lenny , when you run "lsmod " command , you see "ipv6" kernel module in the list , but in Debian Squeeze you don't, so dropbear thinks that your kernel doesn't support ipv6, but it does.

  • efballefball Member
    edited July 2011

    I got the src for dropbear and it doesn't appear to look for an ipv6 module, and on an openvz vps lsmod doesn't work anyway - so that wouldn't work in Lenny.

    I found this bug report: https://bugs.launchpad.net/ubuntu/+source/dropbear/+bug/468020
    Ubuntu ipv6 also broke when they went from .51 to .52

    Also there is a patch posted here:
    https://lists.openwrt.org/pipermail/openwrt-devel/2009-May/004299.html
    It's from two years ago, and they say they submitted it to dropbear, but it's not in 0.52

    0.53-1 of dropbear doesn't have the patch either.

    Thanked by 1mrm2005
  • Thanks for the info.

    I usually don't compile the sources , so i have to use packages in Debian Repositories (also backports).
    BTW , Both of my vpses are Xen PV. in Squeeze lsmod doesn't show ipv6 module, but there is no problem with ipv6.

Sign In or Register to comment.