How to set ssh to try not only port 22 but secondary port every time?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
8
down vote

favorite
2












As part of my effort to reduce noise in logs and slightly reducing discoverability (and on top of fail2ban, allowing only public key authentication etc.) I routinely change sshd-ports on servers I set up to a different port, let's say 5492. Currently I either append -p 5492 to my ssh command, or add the port for each specific server into my ssh_config.



Is there a way to configure ssh to try connecting to both port 22 and port 5492 if port 22 doesn't work?







share|improve this question


















  • 1




    I do prefer instead of having security through obscurity, setting up a VPN and not having open ssh ports to the Internet at large at all.
    – Rui F Ribeiro
    Feb 17 at 9:55







  • 2




    @RuiFRibeiro I agree, that it is not more secure. It does, however, keep noise down in log files. One could also use port knocking to reduce login attempts which does increase security.
    – Ned64
    Feb 17 at 10:13







  • 2




    @RuiFRibeiro Is a VPN server more secure than an SSH server though?
    – Riley
    Feb 17 at 10:55










  • It all depends on the implementation. In my former job, I defined 2 VPN entries for redundancy, and no whatsoever ssh presence for the outside.
    – Rui F Ribeiro
    Feb 17 at 16:49







  • 2




    Security by obscurity is a good ADDITIONAL layer on top of a good setup, especially when it is about opportunistic attackers.
    – rackandboneman
    Feb 17 at 20:51














up vote
8
down vote

favorite
2












As part of my effort to reduce noise in logs and slightly reducing discoverability (and on top of fail2ban, allowing only public key authentication etc.) I routinely change sshd-ports on servers I set up to a different port, let's say 5492. Currently I either append -p 5492 to my ssh command, or add the port for each specific server into my ssh_config.



Is there a way to configure ssh to try connecting to both port 22 and port 5492 if port 22 doesn't work?







share|improve this question


















  • 1




    I do prefer instead of having security through obscurity, setting up a VPN and not having open ssh ports to the Internet at large at all.
    – Rui F Ribeiro
    Feb 17 at 9:55







  • 2




    @RuiFRibeiro I agree, that it is not more secure. It does, however, keep noise down in log files. One could also use port knocking to reduce login attempts which does increase security.
    – Ned64
    Feb 17 at 10:13







  • 2




    @RuiFRibeiro Is a VPN server more secure than an SSH server though?
    – Riley
    Feb 17 at 10:55










  • It all depends on the implementation. In my former job, I defined 2 VPN entries for redundancy, and no whatsoever ssh presence for the outside.
    – Rui F Ribeiro
    Feb 17 at 16:49







  • 2




    Security by obscurity is a good ADDITIONAL layer on top of a good setup, especially when it is about opportunistic attackers.
    – rackandboneman
    Feb 17 at 20:51












up vote
8
down vote

favorite
2









up vote
8
down vote

favorite
2






2





As part of my effort to reduce noise in logs and slightly reducing discoverability (and on top of fail2ban, allowing only public key authentication etc.) I routinely change sshd-ports on servers I set up to a different port, let's say 5492. Currently I either append -p 5492 to my ssh command, or add the port for each specific server into my ssh_config.



Is there a way to configure ssh to try connecting to both port 22 and port 5492 if port 22 doesn't work?







share|improve this question














As part of my effort to reduce noise in logs and slightly reducing discoverability (and on top of fail2ban, allowing only public key authentication etc.) I routinely change sshd-ports on servers I set up to a different port, let's say 5492. Currently I either append -p 5492 to my ssh command, or add the port for each specific server into my ssh_config.



Is there a way to configure ssh to try connecting to both port 22 and port 5492 if port 22 doesn't work?









share|improve this question













share|improve this question




share|improve this question








edited Feb 18 at 18:47









GAD3R

22.4k154893




22.4k154893










asked Feb 17 at 9:48









Riley

1433




1433







  • 1




    I do prefer instead of having security through obscurity, setting up a VPN and not having open ssh ports to the Internet at large at all.
    – Rui F Ribeiro
    Feb 17 at 9:55







  • 2




    @RuiFRibeiro I agree, that it is not more secure. It does, however, keep noise down in log files. One could also use port knocking to reduce login attempts which does increase security.
    – Ned64
    Feb 17 at 10:13







  • 2




    @RuiFRibeiro Is a VPN server more secure than an SSH server though?
    – Riley
    Feb 17 at 10:55










  • It all depends on the implementation. In my former job, I defined 2 VPN entries for redundancy, and no whatsoever ssh presence for the outside.
    – Rui F Ribeiro
    Feb 17 at 16:49







  • 2




    Security by obscurity is a good ADDITIONAL layer on top of a good setup, especially when it is about opportunistic attackers.
    – rackandboneman
    Feb 17 at 20:51












  • 1




    I do prefer instead of having security through obscurity, setting up a VPN and not having open ssh ports to the Internet at large at all.
    – Rui F Ribeiro
    Feb 17 at 9:55







  • 2




    @RuiFRibeiro I agree, that it is not more secure. It does, however, keep noise down in log files. One could also use port knocking to reduce login attempts which does increase security.
    – Ned64
    Feb 17 at 10:13







  • 2




    @RuiFRibeiro Is a VPN server more secure than an SSH server though?
    – Riley
    Feb 17 at 10:55










  • It all depends on the implementation. In my former job, I defined 2 VPN entries for redundancy, and no whatsoever ssh presence for the outside.
    – Rui F Ribeiro
    Feb 17 at 16:49







  • 2




    Security by obscurity is a good ADDITIONAL layer on top of a good setup, especially when it is about opportunistic attackers.
    – rackandboneman
    Feb 17 at 20:51







1




1




I do prefer instead of having security through obscurity, setting up a VPN and not having open ssh ports to the Internet at large at all.
– Rui F Ribeiro
Feb 17 at 9:55





I do prefer instead of having security through obscurity, setting up a VPN and not having open ssh ports to the Internet at large at all.
– Rui F Ribeiro
Feb 17 at 9:55





2




2




@RuiFRibeiro I agree, that it is not more secure. It does, however, keep noise down in log files. One could also use port knocking to reduce login attempts which does increase security.
– Ned64
Feb 17 at 10:13





@RuiFRibeiro I agree, that it is not more secure. It does, however, keep noise down in log files. One could also use port knocking to reduce login attempts which does increase security.
– Ned64
Feb 17 at 10:13





2




2




@RuiFRibeiro Is a VPN server more secure than an SSH server though?
– Riley
Feb 17 at 10:55




@RuiFRibeiro Is a VPN server more secure than an SSH server though?
– Riley
Feb 17 at 10:55












It all depends on the implementation. In my former job, I defined 2 VPN entries for redundancy, and no whatsoever ssh presence for the outside.
– Rui F Ribeiro
Feb 17 at 16:49





It all depends on the implementation. In my former job, I defined 2 VPN entries for redundancy, and no whatsoever ssh presence for the outside.
– Rui F Ribeiro
Feb 17 at 16:49





2




2




Security by obscurity is a good ADDITIONAL layer on top of a good setup, especially when it is about opportunistic attackers.
– rackandboneman
Feb 17 at 20:51




Security by obscurity is a good ADDITIONAL layer on top of a good setup, especially when it is about opportunistic attackers.
– rackandboneman
Feb 17 at 20:51










3 Answers
3






active

oldest

votes

















up vote
11
down vote



accepted










You could wrap a shell script around ssh but ssh itself will not do it.



One way using a bash function is this (put into ~/.bashrc):



function ssh() 


By the way, it is recommended to use root-reserved ports for system services like ssh in order to avoid users from having a process that listens on, say, port 5492. They may otherwise play man in the middle and possibly capture login data. So, use a port < 1024.






share|improve this answer


















  • 1




    That's a great solution. Also a great note on the ports!
    – Riley
    Feb 17 at 10:57






  • 5




    Note that the second connection will be made even if the first one succeeds if the command executed by ssh returns non-zero. A trivial example would be ssh user@server false.
    – Kusalananda
    Feb 17 at 14:44







  • 1




    @Kusalananda Thanks, I have written command now. Just wanted to avoid recursion, as you have guessed right.
    – Ned64
    Feb 17 at 14:52










  • The problem @Kusalananda mentions can be (mostly) avoided by testing the specific exit status of ssh -- if there's an ssh error (as opposed to the remote command failing), it'll exit with a status of 255. Thus, command ssh -p 22 "$@"; if [ "$?" -eq 255 ]; then command ssh -p 5492 "$@"; fi should work.
    – Gordon Davisson
    Feb 17 at 22:15

















up vote
9
down vote













ssh itself can do this via Match documented in ssh_config(5) though the documentation is somewhat sparse on examples. This form may be suitable if one wants to push the complexity into the SSH configuration though is restricted by the limitations of the ssh_config(5) syntax and may require some fiddling with for the desired outcome. Notably the custom port can either not be set or can be set wrongly from the previous Match attempt. This is why, below, it is set twice when tested for, or once for the default, and is not set when establishing the canonical defaults.



# here we set the defaults for the host (no port!)
Match !canonical host testhost
CanonicalizeHostname yes
Hostname 192.0.2.42
IdentityFile ~/.ssh/id_blahblah
...
# port available?
Match canonical host 192.0.2.42 exec "is-ssh-up %h 2222"
Port 2222
# or the default port
Match canonical host 192.0.2.42
Port 22


is-ssh-up merely checks whether something responds on the given port and might look like



#!/usr/bin/env expect
package require Tcl 8.5
if [llength $argv] < 2
puts stderr "Usage: is-ssh-up host port"
exit 1

puts stderr "is-ssh-up: DEBUG trying $argv"
set socket [socket -async [lindex $argv 0] [lindex $argv 1]]
chan event $socket readable [list exit 0]
after 3000 [list exit 1]
vwait godot





share|improve this answer
















  • 1




    if-then-else in .ssh/config ? I wouldn't have believe it !!
    – Archemar
    Feb 18 at 9:56

















up vote
1
down vote













You can use the wildcard function of ~.ssh/config, putting this entry in your list:



Host *
Port 5492


But this won't fall back to 22 by itself.



If you put it at the end, you can still override it for those hosts were you need 22 by putting a different value above it. (And you can always override it on the command line.)






share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );








     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f424755%2fhow-to-set-ssh-to-try-not-only-port-22-but-secondary-port-every-time%23new-answer', 'question_page');

    );

    Post as a guest






























    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    11
    down vote



    accepted










    You could wrap a shell script around ssh but ssh itself will not do it.



    One way using a bash function is this (put into ~/.bashrc):



    function ssh() 


    By the way, it is recommended to use root-reserved ports for system services like ssh in order to avoid users from having a process that listens on, say, port 5492. They may otherwise play man in the middle and possibly capture login data. So, use a port < 1024.






    share|improve this answer


















    • 1




      That's a great solution. Also a great note on the ports!
      – Riley
      Feb 17 at 10:57






    • 5




      Note that the second connection will be made even if the first one succeeds if the command executed by ssh returns non-zero. A trivial example would be ssh user@server false.
      – Kusalananda
      Feb 17 at 14:44







    • 1




      @Kusalananda Thanks, I have written command now. Just wanted to avoid recursion, as you have guessed right.
      – Ned64
      Feb 17 at 14:52










    • The problem @Kusalananda mentions can be (mostly) avoided by testing the specific exit status of ssh -- if there's an ssh error (as opposed to the remote command failing), it'll exit with a status of 255. Thus, command ssh -p 22 "$@"; if [ "$?" -eq 255 ]; then command ssh -p 5492 "$@"; fi should work.
      – Gordon Davisson
      Feb 17 at 22:15














    up vote
    11
    down vote



    accepted










    You could wrap a shell script around ssh but ssh itself will not do it.



    One way using a bash function is this (put into ~/.bashrc):



    function ssh() 


    By the way, it is recommended to use root-reserved ports for system services like ssh in order to avoid users from having a process that listens on, say, port 5492. They may otherwise play man in the middle and possibly capture login data. So, use a port < 1024.






    share|improve this answer


















    • 1




      That's a great solution. Also a great note on the ports!
      – Riley
      Feb 17 at 10:57






    • 5




      Note that the second connection will be made even if the first one succeeds if the command executed by ssh returns non-zero. A trivial example would be ssh user@server false.
      – Kusalananda
      Feb 17 at 14:44







    • 1




      @Kusalananda Thanks, I have written command now. Just wanted to avoid recursion, as you have guessed right.
      – Ned64
      Feb 17 at 14:52










    • The problem @Kusalananda mentions can be (mostly) avoided by testing the specific exit status of ssh -- if there's an ssh error (as opposed to the remote command failing), it'll exit with a status of 255. Thus, command ssh -p 22 "$@"; if [ "$?" -eq 255 ]; then command ssh -p 5492 "$@"; fi should work.
      – Gordon Davisson
      Feb 17 at 22:15












    up vote
    11
    down vote



    accepted







    up vote
    11
    down vote



    accepted






    You could wrap a shell script around ssh but ssh itself will not do it.



    One way using a bash function is this (put into ~/.bashrc):



    function ssh() 


    By the way, it is recommended to use root-reserved ports for system services like ssh in order to avoid users from having a process that listens on, say, port 5492. They may otherwise play man in the middle and possibly capture login data. So, use a port < 1024.






    share|improve this answer














    You could wrap a shell script around ssh but ssh itself will not do it.



    One way using a bash function is this (put into ~/.bashrc):



    function ssh() 


    By the way, it is recommended to use root-reserved ports for system services like ssh in order to avoid users from having a process that listens on, say, port 5492. They may otherwise play man in the middle and possibly capture login data. So, use a port < 1024.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Feb 17 at 14:50

























    answered Feb 17 at 9:54









    Ned64

    2,44411035




    2,44411035







    • 1




      That's a great solution. Also a great note on the ports!
      – Riley
      Feb 17 at 10:57






    • 5




      Note that the second connection will be made even if the first one succeeds if the command executed by ssh returns non-zero. A trivial example would be ssh user@server false.
      – Kusalananda
      Feb 17 at 14:44







    • 1




      @Kusalananda Thanks, I have written command now. Just wanted to avoid recursion, as you have guessed right.
      – Ned64
      Feb 17 at 14:52










    • The problem @Kusalananda mentions can be (mostly) avoided by testing the specific exit status of ssh -- if there's an ssh error (as opposed to the remote command failing), it'll exit with a status of 255. Thus, command ssh -p 22 "$@"; if [ "$?" -eq 255 ]; then command ssh -p 5492 "$@"; fi should work.
      – Gordon Davisson
      Feb 17 at 22:15












    • 1




      That's a great solution. Also a great note on the ports!
      – Riley
      Feb 17 at 10:57






    • 5




      Note that the second connection will be made even if the first one succeeds if the command executed by ssh returns non-zero. A trivial example would be ssh user@server false.
      – Kusalananda
      Feb 17 at 14:44







    • 1




      @Kusalananda Thanks, I have written command now. Just wanted to avoid recursion, as you have guessed right.
      – Ned64
      Feb 17 at 14:52










    • The problem @Kusalananda mentions can be (mostly) avoided by testing the specific exit status of ssh -- if there's an ssh error (as opposed to the remote command failing), it'll exit with a status of 255. Thus, command ssh -p 22 "$@"; if [ "$?" -eq 255 ]; then command ssh -p 5492 "$@"; fi should work.
      – Gordon Davisson
      Feb 17 at 22:15







    1




    1




    That's a great solution. Also a great note on the ports!
    – Riley
    Feb 17 at 10:57




    That's a great solution. Also a great note on the ports!
    – Riley
    Feb 17 at 10:57




    5




    5




    Note that the second connection will be made even if the first one succeeds if the command executed by ssh returns non-zero. A trivial example would be ssh user@server false.
    – Kusalananda
    Feb 17 at 14:44





    Note that the second connection will be made even if the first one succeeds if the command executed by ssh returns non-zero. A trivial example would be ssh user@server false.
    – Kusalananda
    Feb 17 at 14:44





    1




    1




    @Kusalananda Thanks, I have written command now. Just wanted to avoid recursion, as you have guessed right.
    – Ned64
    Feb 17 at 14:52




    @Kusalananda Thanks, I have written command now. Just wanted to avoid recursion, as you have guessed right.
    – Ned64
    Feb 17 at 14:52












    The problem @Kusalananda mentions can be (mostly) avoided by testing the specific exit status of ssh -- if there's an ssh error (as opposed to the remote command failing), it'll exit with a status of 255. Thus, command ssh -p 22 "$@"; if [ "$?" -eq 255 ]; then command ssh -p 5492 "$@"; fi should work.
    – Gordon Davisson
    Feb 17 at 22:15




    The problem @Kusalananda mentions can be (mostly) avoided by testing the specific exit status of ssh -- if there's an ssh error (as opposed to the remote command failing), it'll exit with a status of 255. Thus, command ssh -p 22 "$@"; if [ "$?" -eq 255 ]; then command ssh -p 5492 "$@"; fi should work.
    – Gordon Davisson
    Feb 17 at 22:15












    up vote
    9
    down vote













    ssh itself can do this via Match documented in ssh_config(5) though the documentation is somewhat sparse on examples. This form may be suitable if one wants to push the complexity into the SSH configuration though is restricted by the limitations of the ssh_config(5) syntax and may require some fiddling with for the desired outcome. Notably the custom port can either not be set or can be set wrongly from the previous Match attempt. This is why, below, it is set twice when tested for, or once for the default, and is not set when establishing the canonical defaults.



    # here we set the defaults for the host (no port!)
    Match !canonical host testhost
    CanonicalizeHostname yes
    Hostname 192.0.2.42
    IdentityFile ~/.ssh/id_blahblah
    ...
    # port available?
    Match canonical host 192.0.2.42 exec "is-ssh-up %h 2222"
    Port 2222
    # or the default port
    Match canonical host 192.0.2.42
    Port 22


    is-ssh-up merely checks whether something responds on the given port and might look like



    #!/usr/bin/env expect
    package require Tcl 8.5
    if [llength $argv] < 2
    puts stderr "Usage: is-ssh-up host port"
    exit 1

    puts stderr "is-ssh-up: DEBUG trying $argv"
    set socket [socket -async [lindex $argv 0] [lindex $argv 1]]
    chan event $socket readable [list exit 0]
    after 3000 [list exit 1]
    vwait godot





    share|improve this answer
















    • 1




      if-then-else in .ssh/config ? I wouldn't have believe it !!
      – Archemar
      Feb 18 at 9:56














    up vote
    9
    down vote













    ssh itself can do this via Match documented in ssh_config(5) though the documentation is somewhat sparse on examples. This form may be suitable if one wants to push the complexity into the SSH configuration though is restricted by the limitations of the ssh_config(5) syntax and may require some fiddling with for the desired outcome. Notably the custom port can either not be set or can be set wrongly from the previous Match attempt. This is why, below, it is set twice when tested for, or once for the default, and is not set when establishing the canonical defaults.



    # here we set the defaults for the host (no port!)
    Match !canonical host testhost
    CanonicalizeHostname yes
    Hostname 192.0.2.42
    IdentityFile ~/.ssh/id_blahblah
    ...
    # port available?
    Match canonical host 192.0.2.42 exec "is-ssh-up %h 2222"
    Port 2222
    # or the default port
    Match canonical host 192.0.2.42
    Port 22


    is-ssh-up merely checks whether something responds on the given port and might look like



    #!/usr/bin/env expect
    package require Tcl 8.5
    if [llength $argv] < 2
    puts stderr "Usage: is-ssh-up host port"
    exit 1

    puts stderr "is-ssh-up: DEBUG trying $argv"
    set socket [socket -async [lindex $argv 0] [lindex $argv 1]]
    chan event $socket readable [list exit 0]
    after 3000 [list exit 1]
    vwait godot





    share|improve this answer
















    • 1




      if-then-else in .ssh/config ? I wouldn't have believe it !!
      – Archemar
      Feb 18 at 9:56












    up vote
    9
    down vote










    up vote
    9
    down vote









    ssh itself can do this via Match documented in ssh_config(5) though the documentation is somewhat sparse on examples. This form may be suitable if one wants to push the complexity into the SSH configuration though is restricted by the limitations of the ssh_config(5) syntax and may require some fiddling with for the desired outcome. Notably the custom port can either not be set or can be set wrongly from the previous Match attempt. This is why, below, it is set twice when tested for, or once for the default, and is not set when establishing the canonical defaults.



    # here we set the defaults for the host (no port!)
    Match !canonical host testhost
    CanonicalizeHostname yes
    Hostname 192.0.2.42
    IdentityFile ~/.ssh/id_blahblah
    ...
    # port available?
    Match canonical host 192.0.2.42 exec "is-ssh-up %h 2222"
    Port 2222
    # or the default port
    Match canonical host 192.0.2.42
    Port 22


    is-ssh-up merely checks whether something responds on the given port and might look like



    #!/usr/bin/env expect
    package require Tcl 8.5
    if [llength $argv] < 2
    puts stderr "Usage: is-ssh-up host port"
    exit 1

    puts stderr "is-ssh-up: DEBUG trying $argv"
    set socket [socket -async [lindex $argv 0] [lindex $argv 1]]
    chan event $socket readable [list exit 0]
    after 3000 [list exit 1]
    vwait godot





    share|improve this answer












    ssh itself can do this via Match documented in ssh_config(5) though the documentation is somewhat sparse on examples. This form may be suitable if one wants to push the complexity into the SSH configuration though is restricted by the limitations of the ssh_config(5) syntax and may require some fiddling with for the desired outcome. Notably the custom port can either not be set or can be set wrongly from the previous Match attempt. This is why, below, it is set twice when tested for, or once for the default, and is not set when establishing the canonical defaults.



    # here we set the defaults for the host (no port!)
    Match !canonical host testhost
    CanonicalizeHostname yes
    Hostname 192.0.2.42
    IdentityFile ~/.ssh/id_blahblah
    ...
    # port available?
    Match canonical host 192.0.2.42 exec "is-ssh-up %h 2222"
    Port 2222
    # or the default port
    Match canonical host 192.0.2.42
    Port 22


    is-ssh-up merely checks whether something responds on the given port and might look like



    #!/usr/bin/env expect
    package require Tcl 8.5
    if [llength $argv] < 2
    puts stderr "Usage: is-ssh-up host port"
    exit 1

    puts stderr "is-ssh-up: DEBUG trying $argv"
    set socket [socket -async [lindex $argv 0] [lindex $argv 1]]
    chan event $socket readable [list exit 0]
    after 3000 [list exit 1]
    vwait godot






    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Feb 17 at 16:22









    thrig

    22.3k12852




    22.3k12852







    • 1




      if-then-else in .ssh/config ? I wouldn't have believe it !!
      – Archemar
      Feb 18 at 9:56












    • 1




      if-then-else in .ssh/config ? I wouldn't have believe it !!
      – Archemar
      Feb 18 at 9:56







    1




    1




    if-then-else in .ssh/config ? I wouldn't have believe it !!
    – Archemar
    Feb 18 at 9:56




    if-then-else in .ssh/config ? I wouldn't have believe it !!
    – Archemar
    Feb 18 at 9:56










    up vote
    1
    down vote













    You can use the wildcard function of ~.ssh/config, putting this entry in your list:



    Host *
    Port 5492


    But this won't fall back to 22 by itself.



    If you put it at the end, you can still override it for those hosts were you need 22 by putting a different value above it. (And you can always override it on the command line.)






    share|improve this answer
























      up vote
      1
      down vote













      You can use the wildcard function of ~.ssh/config, putting this entry in your list:



      Host *
      Port 5492


      But this won't fall back to 22 by itself.



      If you put it at the end, you can still override it for those hosts were you need 22 by putting a different value above it. (And you can always override it on the command line.)






      share|improve this answer






















        up vote
        1
        down vote










        up vote
        1
        down vote









        You can use the wildcard function of ~.ssh/config, putting this entry in your list:



        Host *
        Port 5492


        But this won't fall back to 22 by itself.



        If you put it at the end, you can still override it for those hosts were you need 22 by putting a different value above it. (And you can always override it on the command line.)






        share|improve this answer












        You can use the wildcard function of ~.ssh/config, putting this entry in your list:



        Host *
        Port 5492


        But this won't fall back to 22 by itself.



        If you put it at the end, you can still override it for those hosts were you need 22 by putting a different value above it. (And you can always override it on the command line.)







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Feb 17 at 14:38









        PaÅ­lo Ebermann

        32028




        32028






















             

            draft saved


            draft discarded


























             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f424755%2fhow-to-set-ssh-to-try-not-only-port-22-but-secondary-port-every-time%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?