I am using my raspberry pi with Linux 3.18+ installed. I changed the default ssh port from 22 to 16022. This is my sshd_config file:
Code:
# Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for #Port 22 Port 16022 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2
PAM auth is disabled and I only login using password. Now, I checked the authentication log file: /var/log/auth.log. This is a snippet of what it contains:
Quote:
Apr 23 23:44:55 raspberrypi sshd[6473]: Accepted password for pi from 50.252.93.50 port 51978 ssh2
Apr 23 23:52:22 raspberrypi sshd[6477]: Received disconnect from 50.252.93.50: 11: Normal Shutdown
May 5 01:51:02 raspberrypi sshd[4551]: Accepted password for pi from 50.153.109.28 port 30222 ssh
May 5 09:43:47 raspberrypi sshd[6033]: Accepted password for pi from 50.153.110.150 port 21551 ssh2
May 5 09:43:53 raspberrypi sshd[6039]: Received disconnect from 50.153.110.150: 11: Normal Shutdown
May 5 14:09:23 raspberrypi sshd[6783]: Accepted password for pi from 50.153.109.23 port 28684 ssh
May 5 14:32:43 raspberrypi sshd[7008]: Accepted password for pi from 50.153.109.23 port 28689 ssh
May 5 14:37:21 raspberrypi sshd[7014]: Received disconnect from 50.153.109.23: 11: Normal Shutdow
May 8 02:01:41 raspberrypi sshd[24468]: Accepted password for pi from 50.153.110.150 port 30862 ssh2
How is this possible? Why is it showing these random ports for ssh?
This is what 'sudo netstat -nlp' gives:
Code:
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 7923/0 tcp 0 0 0.0.0.0:16022 0.0.0.0:* LISTEN 2501/sshd udp 0 0 0.0.0.0:37851 0.0.0.0:* 2019/dhclient udp 0 0 0.0.0.0:68 0.0.0.0:* 2192/dhclient udp 0 0 0.0.0.0:68 0.0.0.0:* 2019/dhclient udp 0 0 192.168.1.82:123 0.0.0.0:* 2419/ntpd udp 0 0 192.168.1.78:123 0.0.0.0:* 2419/ntpd udp 0 0 127.0.0.1:123 0.0.0.0:* 2419/ntpd udp 0 0 0.0.0.0:123 0.0.0.0:* 2419/ntpd udp 0 0 0.0.0.0:44953 0.0.0.0:* 2192/dhclient Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node PID/Program name Path unix 2 [ ACC ] SEQPACKET LISTENING 3880 168/udevd /run/udev/control unix 2 [ ACC ] STREAM LISTENING 8018 2341/dbus-daemon /var/run/dbus/system_bus_socket
Plus, I am accessing my machine from outside my home network. My router is configured to block all ports, except 16022, whose tcp traffic is forwarded to my raspberry pi. So I don't understand why the log file has these weird ports listed.