comp.security.ssh SSH secure remote login and tunneling tools.

#1

Hi All,

I'm trying to change my SSH port from 22 to 443. I was able to do that on my previous install of Red Hat 9.0, which ran OpenSSH_3.6.1p2.

Now I am running CentOS 4.4 and when I change the port to run on 443, the sshd process will not start. There are no messages in the log either. The same behavior takes place if I try and run it on Port 80, but the service starts if I use some other random port, like 55.

So, there seems to be a port conflict. CentOS is using OpenSSH_3.9p1. It worked with Red Hat, so I'm at a loss as to why I cannot do this.

Any please?

Thanks in advance!

#2

Todd H. wrote:
> "amerar@iwc.net" <amerar@iwc.net> writes:
>
> > Hi All,
> >
> > I'm trying to change my SSH port from 22 to 443. I was able to do that
> > on my previous install of Red Hat 9.0, which ran OpenSSH_3.6.1p2.
> >
> > Now I am running CentOS 4.4 and when I change the port to run on 443,
> > the sshd process will not start. There are no messages in the log
> > either. The same behavior takes place if I try and run it on Port 80,
> > but the service starts if I use some other random port, like 55.
> >
> > So, there seems to be a port conflict. CentOS is using OpenSSH_3.9p1.
> > It worked with Red Hat, so I'm at a loss as to why I cannot do this.
> >
> > Any please?
>
> What's netstat -an | grep 443 say?
>
>
> --
> Todd H.
> http://www.toddh.net/

Hi Todd,

Thanks for replying. Here is the output:

tcp 0 0 :::443 :::* LISTEN

Does that at all?

#3

amerar@iwc.net wrote:
> Todd H. wrote:
> > "amerar@iwc.net" <amerar@iwc.net> writes:
> >
> > > Hi All,
> > >
> > > I'm trying to change my SSH port from 22 to 443. I was able to do that
> > > on my previous install of Red Hat 9.0, which ran OpenSSH_3.6.1p2.
> > >
> > > Now I am running CentOS 4.4 and when I change the port to run on 443,
> > > the sshd process will not start. There are no messages in the log
> > > either. The same behavior takes place if I try and run it on Port 80,
> > > but the service starts if I use some other random port, like 55.
> > >
> > > So, there seems to be a port conflict. CentOS is using OpenSSH_3.9p1.
> > > It worked with Red Hat, so I'm at a loss as to why I cannot do this.
> > >
> > > Any please?
> >
> > What's netstat -an | grep 443 say?
> >
> >
> > --
> > Todd H.
> > http://www.toddh.net/
>
> Hi Todd,
>
> Thanks for replying. Here is the output:
>
> tcp 0 0 :::443 :::* LISTEN
>
> Does that at all?

It certainly is a clue.

Standard interfaces do not permit processes to bind to a port that is already in use. Port 443 is the standard port for HTTPS, and port 80 is the standard port for HTTP. If you have a webserver already active on your system, it has already bound itself to port 80 and likely also port 443. Any new program (like sshd) cannot bind to those ports because they are already in use.

If you absolutely /must/ use port 443, shut down your webserver, or at least disable its use of HTTPS.

HTH
--
Lew

#4

Lew Pitcher wrote:
> amerar@iwc.net wrote:
> > Todd H. wrote:
> > > "amerar@iwc.net" <amerar@iwc.net> writes:
> > >
> > > > Hi All,
> > > >
> > > > I'm trying to change my SSH port from 22 to 443. I was able to do that
> > > > on my previous install of Red Hat 9.0, which ran OpenSSH_3.6.1p2.
> > > >
> > > > Now I am running CentOS 4.4 and when I change the port to run on 443,
> > > > the sshd process will not start. There are no messages in the log
> > > > either. The same behavior takes place if I try and run it on Port 80,
> > > > but the service starts if I use some other random port, like 55.
> > > >
> > > > So, there seems to be a port conflict. CentOS is using OpenSSH_3.9p1.
> > > > It worked with Red Hat, so I'm at a loss as to why I cannot do this.
> > > >
> > > > Any please?
> > >
> > > What's netstat -an | grep 443 say?
> > >
> > >
> > > --
> > > Todd H.
> > > http://www.toddh.net/
> >
> > Hi Todd,
> >
> > Thanks for replying. Here is the output:
> >
> > tcp 0 0 :::443 :::* LISTEN
> >
> > Does that at all?
>
> It certainly is a clue.
>
> Standard interfaces do not permit processes to bind to a port that is
> already in use. Port 443 is the standard port for HTTPS, and port 80 is
> the standard port for HTTP. If you have a webserver already active on
> your system, it has already bound itself to port 80 and likely also
> port 443. Any new program (like sshd) cannot bind to those ports
> because they are already in use.
>
> If you absolutely /must/ use port 443, shut down your webserver, or at
> least disable its use of HTTPS.
>
> HTH
> --
> Lew

Hmm....why did it work in Red Hat 9.0?? Also, where do I shut down https?

That netstat command on my Red Hat 9.0 server gives this output:

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.110:443 192.108.183.4:39472 ESTABLISHED
tcp 0 0 192.168.1.110:443 192.168.1.100:4989 ESTABLISHED
tcp 0 0 192.168.1.110:443 192.108.183.4:40648 ESTABLISHED

#5

Todd H. wrote:
> "amerar@iwc.net" <amerar@iwc.net> writes:
>
> >
> > Hi Todd,
> >
> > Thanks for replying. Here is the output:
> >
> > tcp 0 0 :::443 :::* LISTEN
> >
> > Does that at all?
>
> Yes. Something else is already listening on that port evidently. You
> have apache running on this box? It listens on 443 for https://
> connections and is likely the reason ssh doesn't want to run there.
>
> If you have lsof you can confirm whether apache is what has it
> grabbed, and/or find out exactly what program is hanging onto that
> port with this command:
>
> root# lsof -i :443
>
> If you don't have lsof, then
> $ ps -ef | grep apache
>
> will tell you if apache is running, and it's a pretty safe bet that if
> apache is running, it's the one listening on 443.
>
> Best Regards,
> --
> Todd H.
> http://www.toddh.net/

Well, I am running Apache. I was running it on my Red Hat server also. So, why on the Red Hat server could I run both https & ssh on port 443, and I cannot seem to do that with my new server running CentOS?

Could it be just a feature of the OS??

#6

Todd H. wrote:
> "amerar@iwc.net" <amerar@iwc.net> writes:
>
> >
> > Hi Todd,
> >
> > Thanks for replying. Here is the output:
> >
> > tcp 0 0 :::443 :::* LISTEN
> >
> > Does that at all?
>
> Yes. Something else is already listening on that port evidently. You
> have apache running on this box? It listens on 443 for https://
> connections and is likely the reason ssh doesn't want to run there.
>
> If you have lsof you can confirm whether apache is what has it
> grabbed, and/or find out exactly what program is hanging onto that
> port with this command:
>
> root# lsof -i :443
>
> If you don't have lsof, then
> $ ps -ef | grep apache
>
> will tell you if apache is running, and it's a pretty safe bet that if
> apache is running, it's the one listening on 443.
>
> Best Regards,
> --
> Todd H.
> http://www.toddh.net/

Take a look at the differences between the output from the CentOS server & the Red Hat server......

CentOS
-----------
COMMAND PID  USER   FD TYPE DEVICE SIZE NODE NAME
httpd   4487 root   4u IPv6 10194       TCP  *:https (LISTEN)
httpd   4490 apache 4u IPv6 10194       TCP  *:https (LISTEN)
httpd   4491 apache 4u IPv6 10194       TCP  *:https (LISTEN)
httpd   4492 apache 4u IPv6 10194       TCP  *:https (LISTEN)
httpd   4493 apache 4u IPv6 10194       TCP  *:https (LISTEN)
httpd   4494 apache 4u IPv6 10194       TCP  *:https (LISTEN)
httpd   4495 apache 4u IPv6 10194       TCP  *:https (LISTEN)
httpd   4496 apache 4u IPv6 10194       TCP  *:https (LISTEN)
httpd   4497 apache 4u IPv6 10194       TCP  *:https (LISTEN)

Red Hat
------------
COMMAND PID   USER FD TYPE DEVICE    SIZE NODE NAME
sshd    28814 root 3u IPv4 221599860      TCP  *:https (LISTEN)

Any comments???

#7

"amerar@iwc.net" <amerar@iwc.net> writes:
> Hi All,
>
> I'm trying to change my SSH port from 22 to 443. I was able to do that
> on my previous install of Red Hat 9.0, which ran OpenSSH_3.6.1p2.
>
> Now I am running CentOS 4.4 and when I change the port to run on 443,
> the sshd process will not start. There are no messages in the log
> either. The same behavior takes place if I try and run it on Port 80,
> but the service starts if I use some other random port, like 55.
>
> So, there seems to be a port conflict. CentOS is using OpenSSH_3.9p1.
> It worked with Red Hat, so I'm at a loss as to why I cannot do this.
>
> Any please?

What's netstat -an | grep 443 say?

--
Todd H.
http://www.toddh.net/

#8

"amerar@iwc.net" <amerar@iwc.net> writes:
>
> Hi Todd,
>
> Thanks for replying. Here is the output:
>
> tcp 0 0 :::443 :::* LISTEN
>
> Does that at all?

Yes. Something else is already listening on that port evidently. You have apache running on this box? It listens on 443 for https:// connections and is likely the reason ssh doesn't want to run there.

If you have lsof you can confirm whether apache is what has it grabbed, and/or find out exactly what program is hanging onto that port with this command:

root# lsof -i :443

If you don't have lsof, then

$ ps -ef | grep apache

will tell you if apache is running, and it's a pretty safe bet that if apache is running, it's the one listening on 443.

Best Regards,
--
Todd H.
http://www.toddh.net/

#9

"amerar@iwc.net" <amerar@iwc.net> writes:
> Hmm....why did it work in Red Hat 9.0??

Perhaps when that was installed, it didn't include apache being installed by default.

> Also, where do I shut down https?

I don't use redhat, but in gentoo,

/etc/init.d/apache2 stop

Is what I'd do. In RH, YMMV.

> That netstat command on my Red Hat 9.0 server gives this output:
>
> tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
> tcp 0 0 192.168.1.110:443 192.108.183.4:39472 ESTABLISHED
> tcp 0 0 192.168.1.110:443 192.168.1.100:4989 ESTABLISHED
> tcp 0 0 192.168.1.110:443 192.108.183.4:40648 ESTABLISHED

Looks like your https server is being talked to right now by 2 other machines for whatever reason?

--
Todd H.
http://www.toddh.net/

#10

"amerar@iwc.net" <amerar@iwc.net> writes:
> Take a look at the differences between the output from the CentOS
> server & the Red Hat server......
>
> CentOS
> -----------
> COMMAND PID  USER   FD TYPE DEVICE SIZE NODE NAME
> httpd   4487 root   4u IPv6 10194       TCP  *:https (LISTEN)
> httpd   4490 apache 4u IPv6 10194       TCP  *:https (LISTEN)
> httpd   4491 apache 4u IPv6 10194       TCP  *:https (LISTEN)
> httpd   4492 apache 4u IPv6 10194       TCP  *:https (LISTEN)
> httpd   4493 apache 4u IPv6 10194       TCP  *:https (LISTEN)
> httpd   4494 apache 4u IPv6 10194       TCP  *:https (LISTEN)
> httpd   4495 apache 4u IPv6 10194       TCP  *:https (LISTEN)
> httpd   4496 apache 4u IPv6 10194       TCP  *:https (LISTEN)
> httpd   4497 apache 4u IPv6 10194       TCP  *:https (LISTEN)
>
> Red Hat
> ------------
> COMMAND PID   USER FD TYPE DEVICE    SIZE NODE NAME
> sshd    28814 root 3u IPv4 221599860      TCP  *:https (LISTEN)
>
> Any comments???

Yeah, on Red Hat, your apache server isn't listening on 443.

If you need apache to run and answer on port 80 and want ssh listening on 443 you'll need to your apache configuration to not have it listen on 443. I'm not an apache2 guru, so you'll have to dig to find out how to modify that config--shouldn't be too hard.

--
Todd H.
http://www.toddh.net/

#11

On 15 Nov 2006 11:21:31 -0800, "amerar@iwc.net" <amerar@iwc.net> wrote:
> Hmm....why did it work in Red Hat 9.0??

Because it has not HTTPS (SSL) enabled by default

> Also, where do I shut down https?

Read the apache documentation at: http://httpd.apache.org/

You can find how to do that in a few minutes

Regards.

#12

In article <1163618491.859655.320430@b28g2000cwb.googlegroups.com>,
amerar@iwc.net wrote:
>
>Lew Pitcher wrote:
>>
>> Standard interfaces do not permit processes to bind to a port that is
>> already in use. Port 443 is the standard port for HTTPS, and port 80 is
>> the standard port for HTTP. If you have a webserver already active on
>> your system, it has already bound itself to port 80 and likely also
>> port 443. Any new program (like sshd) cannot bind to those ports
>> because they are already in use.
>>
>> If you absolutely /must/ use port 443, shut down your webserver, or at
>> least disable its use of HTTPS.
>>
>> HTH
>> --
>> Lew
>
>Hmm....why did it work in Red Hat 9.0?? Also, where do I shut down
>https?

Presumably because you weren't running apache on the RH9 box, or if you were, it wasn't set up to run https. I don't know that much about Apache, so I can't give you much advice about what you want to do to get it to free up the port. A lot depends on what the Apache server is doing there; if it's actively serving up encrypted web pages, you'll break that when you take it off port 443.

>
>That netstat command on my Red Hat 9.0 server gives this output:
>
>tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
>tcp 0 0 192.168.1.110:443 192.108.183.4:39472 ESTABLISHED
>tcp 0 0 192.168.1.110:443 192.168.1.100:4989 ESTABLISHED
>tcp 0 0 192.168.1.110:443 192.108.183.4:40648 ESTABLISHED
>

This is the box where you're running sshd on port 443, right? Then what you're seeing here is the sshd listening on port 443, and three people logged on to it, two from 192.108.183.4, and one from 192.168.1.100. You can have multiple connections through one port, but only one process can *listen* on the port for new connections.

--
Christopher Mattern

"Which one you figure tracked us?"
"The ugly one, sir."
"...Could you be more specific?"
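
The netstat check used throughout this thread, as an added example that is not part of any post: it matches the local port column exactly (a bare `grep 443` also hits port 4430 or a remote port 443) and separates the single listener from established connections. The function names `port_usage` and `can_bind` are hypothetical, and the sample lines are constructed from the outputs quoted above plus one made-up line for the false-match case.

```shell
#!/bin/sh
# Added example: decide whether a TCP port is free for sshd by reading
# `netstat -an` output. Sample data is constructed, not captured.

SAMPLE_NETSTAT='tcp 0 0 :::443 :::* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.110:443 192.108.183.4:39472 ESTABLISHED
tcp 0 0 192.168.1.110:443 192.168.1.100:4989 ESTABLISHED
tcp 0 0 192.168.1.110:4430 192.168.1.100:443 ESTABLISHED'

# port_usage PORT
# Reads netstat -an output on stdin and prints
# "listeners=N established=M" for sockets whose LOCAL port is PORT.
port_usage() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            # Column 4 is the local address; the port follows the last
            # colon, which also handles IPv6 forms such as ":::443".
            n = split($4, a, ":")
            if (a[n] != port) next
            if ($6 == "LISTEN") l++
            else if ($6 == "ESTABLISHED") e++
        }
        END { printf "listeners=%d established=%d\n", l, e }'
}

# can_bind PORT
# Exit status 0 if no socket is listening on PORT, 1 otherwise.
# An IPv6 wildcard listener (:::443) is counted as a conflict: with the
# Linux default (bindv6only off) it holds the IPv4 side of the port too.
can_bind() {
    case "$(port_usage "$1")" in
        listeners=0\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# Live use on a host (not run here):
#   netstat -an | port_usage 443
#   netstat -an | can_bind 443 || echo "443 is taken; check lsof -i :443"
```
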