How to install dropbear and change the SSH port [CENTOS]

Jul 29

So I recently purchased a new server with the aim of running Virtualizor and OpenVZ on it, which meant installing CentOS instead of my usual Debian. The experience was definitely an interesting one, but here’s what happened:

Add the dropbear repo:

rpm -Uvh http://ftp-stud.hs-esslingen.de/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Install dropbear:

yum install dropbear

I was initially baffled as to how to configure Dropbear on CentOS, having previously only set it up on Debian. Here’s how I got it to work. First create a new file in /etc/sysconfig for dropbear:

vim /etc/sysconfig/dropbear

Now you can pass parameters to dropbear for when it’s starting up:

OPTIONS=" -p 222"

Here you can add other parameters, such as disabling root logins; for a full list read:

man dropbear

Remove OpenSSH:

yum erase openssh-server

Add dropbear to startup and start the server:

chkconfig dropbear on
service dropbear start

Make sure you check that it is indeed running, and verify the login from another box before you log out of your current session; otherwise you’re well and truly in a pickle.


FAQ

Service won’t correctly start up

It turns out that SELinux ships with CentOS by default (unlike Debian). If you changed the SSH port as I did earlier in the sysconfig file, then you need to tell SELinux about the new port number; don’t be disconcerted if the command below takes a while to run:

semanage port -a -t ssh_port_t -p tcp 222

If semanage doesn’t exist then you need to install it:

yum install policycoreutils-python


I’m still not able to connect? “No route to host”

My problem here was that CentOS also sets up iptables, which by default only allows access for SSH on port 22. To change this:

vim /etc/sysconfig/iptables

Now change the below line from using port 22 to the port you decided upon earlier (I used 222):

-A INPUT -m state --state NEW -m tcp -p tcp --dport 222 -j ACCEPT

Make sure to restart iptables so the changes take effect:

service iptables restart
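Before logging out, it helps to confirm that the port in /etc/sysconfig/dropbear is the same one you opened in iptables and labelled for SELinux. The script below is an added example, not from the original post: it reads the port from the dropbear sysconfig file, greps the iptables rules file for a matching ACCEPT rule and parses `semanage port -l` output (passed in as text) for ssh_port_t. The file paths and sample contents are constructed so it can run against local copies without touching a live box.

```shell
#!/bin/sh
# Added example, not from the original post: a pre-logout sanity check that the
# port given to dropbear in /etc/sysconfig/dropbear is also labelled for SELinux
# and opened in /etc/sysconfig/iptables. Inputs are passed as files/text so it
# can be exercised against constructed samples without touching a live box.

# Extract the -p <port> value from the OPTIONS line of a dropbear sysconfig file.
dropbear_port() {
    sed -n 's/^OPTIONS=.*-p *\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 if an iptables rules file has an ACCEPT rule for the given TCP port.
iptables_allows() {
    grep -Eq -- "-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Return 0 if `semanage port -l` output (passed as text) lists the port under
# ssh_port_t for tcp; ports appear as a comma-separated list on that line.
selinux_allows() {
    printf '%s\n' "$1" | grep -E '^ssh_port_t[[:space:]]+tcp' |
        tr ',' '\n' | grep -Eq "(^|[[:space:]])$2([[:space:]]|$)"
}

# Combine the three checks; return 0 only when everything agrees on the port.
check_ssh_port() {
    port=$(dropbear_port "$1")
    [ -n "$port" ] || { echo "no -p option in $1"; return 1; }
    iptables_allows "$2" "$port" || { echo "port $port not opened in $2"; return 1; }
    selinux_allows "$3" "$port" || { echo "port $port not in ssh_port_t"; return 1; }
    echo "port $port: dropbear, iptables and SELinux agree"
}

# Constructed samples mirroring the post's configuration (port 222).
tmp=$(mktemp -d)
printf 'OPTIONS=" -p 222"\n' > "$tmp/dropbear"
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 222 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' > "$tmp/iptables"
SEMANAGE_OUT='ssh_port_t                     tcp      222, 22'

check_ssh_port "$tmp/dropbear" "$tmp/iptables" "$SEMANAGE_OUT"
rm -rf "$tmp"
```

On a real CentOS box you would pass /etc/sysconfig/dropbear, /etc/sysconfig/iptables and "$(semanage port -l)" instead of the constructed samples.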
