Solved

Ssh port change on linux not working

Posted on 2011-02-16
Last Modified: 2012-08-14
Hi,
I'm running CentOS 5.5 and I changed the port (in sshd_config) from 22 to a random number (e.g. 2222) and now I can't ssh into the server. Keep in mind that I'm only accessing through PuTTY. Whenever I change the port back to "22", I can log in via ssh to the server again.

Please help!

Thanks!

Question by:Cristi_E
22 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34905696
1) Did you restart sshd after making changes in sshd_config?
2) Did you configure the new port in PuTTY?
3) Is there a firewall in between blocking ports other than port 22?

wmp
 
LVL 4

Author Comment

by:Cristi_E
ID: 34905715
1) Did you restart sshd after making changes in sshd_config?
A: Yes

2) Did you configure the new port in PuTTY?
A: Yes

3) Is there a firewall in between blocking ports other than port 22?
A: I don't know how to check!
 
LVL 2

Expert Comment

by:nimda7
ID: 34905744
Check the firewall setting. By default the firewall is on and accepts ssh on port 22.
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34905754
On the ssh server ssh_hostname:

nc -l -p 2222

On the Windows command line:

telnet ssh_hostname 2222

If you don't get "Connected to ..." the port is most probably blocked.

wmp
 
LVL 31

Expert Comment

by:farzanj
ID: 34907531
To check your firewall:
service iptables status
iptables -L

To remove all rules from firewall
iptables -F
service iptables stop
chkconfig iptables off

Check TCP wrappers
vi /etc/hosts.allow

Add the following line at the top of the file
 
sshd : allow
 
LVL 31

Expert Comment

by:farzanj
ID: 34908678
Sorry for TCP Wrappers I meant


sshd : ALL
 
LVL 7

Accepted Solution

by:
mchkorg earned 400 total points
ID: 34914550
Hi,
To be sure you can contact your ssh server on another port:

1) check if it's really running where you think it is on the server:
locally, "telnet localhost 2222". It should give you a standard sshd reply, like:
telnet localhost 2222
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.1p1 Debian-5

2) From your Windows computer (ssh/PuTTY client), do the same remotely:
telnet your_server 2222
You'll see if it answers.
If not, you have some firewall blocking between your client and server.
Check with iptables as mentioned above.
Provided you don't have some firewall between them
Check also that your local Windows PC client doesn't have a firewall blocking outgoing traffic.

I hope it helps
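The two halves of step 1 above (does sshd_config really declare the new port, and is sshd really listening on it after the restart?) can be checked offline from the files and listings the server gives you. The script below is an added example, not code from this thread: sshd_config_ports extracts the effective Port directives (comment lines skipped, default 22 when none is set, as sshd itself does), port_listening parses "netstat -tln" output, and check_sshd_port combines the two into one diagnosis. The sshd_config and netstat text embedded in it is constructed sample data, not output from the asker's server.

```shell
#!/bin/sh
# Added example (not part of this thread): offline versions of the two questions
# behind step 1: "which port does sshd_config actually declare?" and "is sshd
# really listening on it?". The sshd_config and netstat text below are
# constructed sample data, not output from the asker's server.

# Print every port the config declares (comment lines skipped, keyword compared
# case-insensitively as sshd does); 22 if the file has no Port line. Reads stdin.
sshd_config_ports() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "port" { print $2; found = 1 }
        END { if (!found) print 22 }
    '
}

# Given "netstat -tln" output on stdin, print 1 if some TCP socket is listening
# on port $1 (any address, IPv4 or IPv6), otherwise 0.
port_listening() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")          # last ":"-separated piece is the port
            if (a[n] == port) hit = 1
        }
        END { print (hit ? 1 : 0) }
    '
}

# $1 = port to verify, $2 = sshd_config contents, $3 = netstat -tln contents.
# Prints one word: ok, not-in-config (sshd_config was not changed as intended)
# or not-listening (config is right but sshd was not restarted or failed to bind).
check_sshd_port() {
    if ! printf '%s\n' "$2" | sshd_config_ports | grep -qx "$1"; then
        echo not-in-config
    elif [ "$(printf '%s\n' "$3" | port_listening "$1")" != 1 ]; then
        echo not-listening
    else
        echo ok
    fi
}

# Constructed sample data: a config that moved sshd to 2222, and netstat
# listings taken before and after sshd was restarted.
SAMPLE_CONFIG=$(cat <<'EOF'
#Port 22
Port 2222
Protocol 2
PermitRootLogin no
EOF
)
SAMPLE_NETSTAT_OLD=$(cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
EOF
)
SAMPLE_NETSTAT_NEW=$(cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:2222                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
EOF
)

echo "before restart: $(check_sshd_port 2222 "$SAMPLE_CONFIG" "$SAMPLE_NETSTAT_OLD")"
echo "after restart:  $(check_sshd_port 2222 "$SAMPLE_CONFIG" "$SAMPLE_NETSTAT_NEW")"
```

On a real box you would feed it the live data, e.g. check_sshd_port 2222 "$(cat /etc/ssh/sshd_config)" "$(netstat -tln)". Only once it prints ok does a failing remote telnet point at a firewall rather than at sshd itself.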
 
LVL 4

Author Comment

by:Cristi_E
ID: 34914688
Hi,
It seems that if I stop iptables with the command below it works just fine.
service iptables stop

So please help me to add a rule to allow me to connect even if the iptables is started!

 
LVL 12

Expert Comment

by:asidu
ID: 34914794
You can list your IP tables and look at the rules.
Modify the line which supports SSH or add a new rule to allow the packet traffic for port 2222.

 
LVL 2

Expert Comment

by:nimda7
ID: 34914798
Just add rules for iptables:
# iptables -A INPUT -m state -p tcp -d <your_ip> --sport 1024:65535 --dport <your_ssh_port> --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -m state -p tcp -s <your_ip> --dport 1024:65535 --sport <your_ssh_port> --state ESTABLISHED -j ACCEPT

You may add these rules to /etc/sysconfig/iptables
 
LVL 7

Assisted Solution

by:mchkorg
mchkorg earned 400 total points
ID: 34914830
From memory:
iptables -I INPUT -p tcp --dport 2222 -j ALLOW
 
LVL 7

Expert Comment

by:mchkorg
ID: 34914901
ALLOW => ACCEPT
 
LVL 4

Author Comment

by:Cristi_E
ID: 34915138
mchkorg :
Your "iptables -I INPUT -p tcp --dport 2222 -j ACCEPT" works, but how can I make it persistent?
When I restart iptables it is gone!

Thanks!
 
LVL 7

Assisted Solution

by:mchkorg
mchkorg earned 400 total points
ID: 34915321
You could
iptables-save > some_etc_file

and when rebooting/restarting,
iptables-restore < some_etc_file

You could restore your iptables rules in a script started with your net interface, like in /etc/network/if-up.d

Regards,

I don't exactly remember all this because I use shorewall instead of iptables. Shorewall is a higher-level tool with a simple syntax. It calls iptables at the end, of course.
If you have to manage a complicated firewall, it's much much easier
You write stuff like:
ACCEPT loc $FW tcp 2222 # allows incoming from your LOCal network to your FireWall for tcp/2222
 
LVL 31

Assisted Solution

by:farzanj
farzanj earned 100 total points
ID: 34915479
To save your iptables rules issue the following command
service iptables save

 
LVL 31

Expert Comment

by:farzanj
ID: 34915757
The only thing you need to do to keep it persistent after reboot is

chkconfig iptables on
 
LVL 31

Expert Comment

by:farzanj
ID: 34915841
Firewall run

iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A OUTPUT -p tcp --sport ssh -j ACCEPT

SSH server port is 22 not 2222

ACCEPT is used in iptables
ALLOW is used in TCP-Wrappers

Configure both.
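The rules proposed in this thread differ in one detail that matters on a stock CentOS 5 firewall: mchkorg inserts with -I INPUT, the others append with -A INPUT. On the default ruleset INPUT's first rule jumps to RH-Firewall-1-INPUT, which ends in a catch-all REJECT, so a rule appended to INPUT sits after that jump and is never evaluated, while an inserted one sits in front of it. The script below is an added example, not code from this thread or from the CentOS project: ssh_port_rule_state reads an iptables-save dump (the format of the /etc/sysconfig/iptables file that "service iptables save" writes) and reports whether an ACCEPT for a given tcp port is reachable, shadowed, or missing, and add_ssh_port_rule inserts the rule next to the stock port-22 rule, before the REJECT. The SAMPLE_RULES text is constructed, modelled on the CentOS 5 default ruleset, and the 2222 port is the one the asker chose.

```shell
#!/bin/sh
# Added example (not part of this thread): inspect and edit an iptables-save dump
# (the format of /etc/sysconfig/iptables on CentOS 5) to open a non-default sshd port.
# SAMPLE_RULES below is constructed, modelled on the stock CentOS 5 ruleset, in which
# INPUT jumps to RH-Firewall-1-INPUT and that chain ends with a catch-all REJECT.

# Read a dump on stdin and print one word for the tcp dport $1:
#   reachable - an ACCEPT for the port is evaluated before the catch-all REJECT
#   shadowed  - an ACCEPT exists but sits after the REJECT, or after INPUT's jump
#               into the chain holding the REJECT, so it never matches
#   missing   - no ACCEPT rule for that port at all
ssh_port_rule_state() {
    awk -v port="$1" '
        /^-A / {
            n++                                    # position in evaluation order
            if ($0 ~ ("--dport " port " ") && $0 ~ /-j ACCEPT$/) { accept = n; achain = $2 }
            if ($0 ~ /^-A INPUT -j /) { jump = n; jchain = $NF }
            if ($0 ~ /-j (REJECT|DROP)/ && !reject) { reject = n; rchain = $2 }
        }
        END {
            if (!accept) { print "missing"; exit }
            if (reject && rchain == jchain) {
                if (achain == "INPUT" && jump && accept > jump) { print "shadowed"; exit }
                if (achain == jchain && accept > reject)       { print "shadowed"; exit }
            }
            print "reachable"
        }'
}

# $1 = port, $2 = dump text. Print the dump with an ACCEPT for the port inserted
# directly before the catch-all REJECT of RH-Firewall-1-INPUT (next to the stock
# port-22 rule). Idempotent: a dump that already reaches an ACCEPT is returned as is.
add_ssh_port_rule() {
    if [ "$(printf '%s\n' "$2" | ssh_port_rule_state "$1")" = reachable ]; then
        printf '%s\n' "$2"
        return
    fi
    printf '%s\n' "$2" | awk -v port="$1" '
        /^-A RH-Firewall-1-INPUT -j REJECT/ && !done {
            print "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT"
            done = 1
        }
        { print }'
}

# Constructed sample, modelled on the CentOS 5 default /etc/sysconfig/iptables.
SAMPLE_RULES=$(cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
)

# What "iptables -A INPUT -p tcp --dport 2222 -j ACCEPT" leaves in the dump:
# appended after the jump into RH-Firewall-1-INPUT, so never reached.
APPENDED_RULES=$(printf '%s\n' "$SAMPLE_RULES" | awk '
    /^COMMIT/ { print "-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT" } { print }')

# What "iptables -I INPUT -p tcp --dport 2222 -j ACCEPT" leaves: first rule of INPUT.
INSERTED_RULES=$(printf '%s\n' "$SAMPLE_RULES" | awk '
    /^-A INPUT -j / { print "-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT" } { print }')

# The edit this script makes: the rule placed beside the stock port-22 rule.
FIXED_RULES=$(add_ssh_port_rule 2222 "$SAMPLE_RULES")

echo "default:  $(printf '%s\n' "$SAMPLE_RULES"   | ssh_port_rule_state 2222)"
echo "-A INPUT: $(printf '%s\n' "$APPENDED_RULES" | ssh_port_rule_state 2222)"
echo "-I INPUT: $(printf '%s\n' "$INSERTED_RULES" | ssh_port_rule_state 2222)"
echo "fixed:    $(printf '%s\n' "$FIXED_RULES"    | ssh_port_rule_state 2222)"
```

To use it on a live CentOS 5 box, run add_ssh_port_rule 2222 "$(iptables-save)" > /etc/sysconfig/iptables.new, review the file, then load it with iptables-restore and keep it with "chkconfig iptables on" as farzanj describes. Leave the stock port-22 rule in place until a PuTTY login on 2222 has actually succeeded from the client; removing it first is how a port change turns into a lockout.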
 
LVL 7

Expert Comment

by:mchkorg
ID: 34916415
In his case, he's trying to run sshd on 2222
So it's definitely 2222
About ALLOW: my mistake. That's why I corrected the message afterwards.
 
LVL 31

Expert Comment

by:farzanj
ID: 34916487
Didn't mean to offend.

>>  from 22 to random number (eg. 2222)

I take it the server is the same old 22 and the client, as usual, can be any random number. This is my take.

Therefore, when you give your iptables rules, dport refers to the server port not the client.


Sorry to offend.
 
LVL 31

Expert Comment

by:farzanj
ID: 34916522
Looks like your rule works too.  So, great!
 
LVL 7

Expert Comment

by:mchkorg
ID: 34916687
No problem.
 
LVL 4

Author Closing Comment

by:Cristi_E
ID: 34924487
Thank you all for help!