Change SSH Ports on Vera?

clippermiami · January 22, 2017, 3:42pm

I have several Vera devices running and I’m trying to provide a means to SSH in to each. My basically stupid router, an AT&T uVerse NVG589, complains if I try to set up a NAT for more than one of them i.e.

External Address External Port Internal Address Internal Port
xxx.xxx.xxx.xxx 1022 192.168.1.101 22
xxx.xxx.xxx.xxx 2022 192.168.1.102 22
xxx.xxx.xxx.xxx 3022 192.168.1.103 22

The router will accept the first mapping but rejects any more mapped to the same port even though they are different target devices.

So it looks like the only way around it is to actually change the target device SSH port if possible. I’ve looked in the various configuration settings but it appears the SSH port is not definable.

Z-Waver · January 23, 2017, 12:58am

I recommend against your current plan. Use a “jump box”, some other machine that you can ssh from to Vera.

Anyway, Vera(OpenWRT) uses dropbear for the ssh daemon.

clippermiami · January 23, 2017, 1:06am

Thanks, I wasn’t crazy about the idea but I had run out of alternatives. My router used to support this but somewhere in the past two-three weeks they did an update and now its “smarter” and won’t allow it.

BOFH · January 23, 2017, 2:15am

I agree with Z-Waver. I just SSH into my Unix server and from there I can SSH into my Vera’s and DD-WRT AP units.

clippermiami · January 24, 2017, 12:54am

But I don’t have a UNIX server and have no interest in learning UNIX to do this I’ll have to live without it I guess

BOFH · January 24, 2017, 1:36am

Just buy a Raspberry PI 3 and hook that up to your network. Easy peasy to set up and run even for a Linux newbie. There’s your ‘unix’ server for less than $50 (including case, keyboard, PSU, SD card et al)

As an added bonus you can run Pi-Hole (https://pi-hole.net/) on it and block all those annoying ad banners right at the edge of your network. Even some in the various apps. Once you set it up it’s basically ‘fire and forget’.

I believe there is a SSH server service for Windows as well if you have one of those running and feel more comfortable with that OS. If it wasn’t for Blue Iris, I could have run everything else I needed on my existing Unix server. ZoneMinder would be an option, but I’d have to build a new server with a different Unix flavor for that so right now, Blue Iris it is for camera support. I recently saw the HikVision software in action on a setup with 350 camera’s. Oh boy, me likee but to expensive for home use.

rge · January 24, 2017, 8:44am

The SSH service on Vera is called dropbear.

Config is in /etc/config/dropbear, including the port.

BUT I haven’t tried making any changes, obviously it would be very easy to lose access if it doesn’t work.

Also quite likely to get reverted on upgrade I guess.

edit: I tried it - you can simply make it run on two ports, here’s an example /etc/config/dropbear

config dropbear
option PasswordAuth ‘on’
option RootPasswordAuth ‘on’
option Port ‘22’
option Listen ‘0.0.0.0’

config dropbear
option PasswordAuth ‘on’
option RootPasswordAuth ‘on’
option Port ‘2222’
option List ‘0.0.0.0’

tomtcom · January 24, 2017, 12:32pm

Do some google searches on dropbear with multiple ports. Others have asked not related to Vera or home automation. Seems it can be done with 2 config files but as it was pointed out your changes would probably be gone after a firmware upgrade.