Solved

Ssh port change on linux not working

Posted on 2011-02-16
Last Modified: 2012-08-14
Hi,
I'm running CentOS 5.5 and I changed the port (in sshd_config) from 22 to a random number (e.g. 2222), and now I can't SSH into the server. Keep in mind that I'm only accessing it through PuTTY. Whenever I change the port back to "22", I can log in via SSH on the server again.

Please help!

Thanks!

Question by:Cristi_E
22 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34905696
1) Did you restart sshd after making changes in sshd_config?
2) Did you configure the new port in PuTTY?
3) Is there a firewall in between blocking ports other than port 22?

wmp
 
LVL 4

Author Comment

by:Cristi_E
ID: 34905715
1) Did you restart sshd after making changes in sshd_config?
A: Yes

2) Did you configure the new port in PuTTY?
A: Yes

3) Is there a firewall in between blocking ports other than port 22?
A: I don't know how to check!
 
LVL 2

Expert Comment

by:nimda7
ID: 34905744
Check the firewall settings. By default the firewall is on and accepts SSH on port 22.
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34905754
On the ssh server ssh_hostname:

nc -l -p 2222

On the Windows command line:

telnet ssh_hostname 2222

If you don't get "Connected to ..." the port is most probably blocked.

wmp
 
LVL 31

Expert Comment

by:farzanj
ID: 34907531
To check your firewall:
service iptables status
iptables -L


To remove all rules from firewall
iptables -F
service iptables stop
chkconfig iptables off


Check TCP wrappers
vi /etc/hosts.allow

Add the following line at the top of the file
 
sshd : allow

 
LVL 31

Expert Comment

by:farzanj
ID: 34908678
Sorry, for TCP Wrappers I meant:


sshd : ALL

 
LVL 7

Accepted Solution

by:mchkorg (earned 400 total points)
ID: 34914550
Hi,
To be sure you can contact your ssh server on another port:

1) check if it's really running where you think on the server :
locally, "telnet localhost 2222". It should give you a standard sshd reply, like:
telnet localhost 2222
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.1p1 Debian-5


2) From your Windows computer (SSH/PuTTY client), do the same remotely:
telnet your_server 2222
You'll see if it answers.
If not, you have some firewall blocking between your client and server.
Check with iptables as mentioned above, provided you don't have some firewall between them.
Check also that your local Windows PC client doesn't have a firewall blocking outgoing traffic.

I hope it helps
 
LVL 4

Author Comment

by:Cristi_E
ID: 34914688
Hi,
It seems that if I stop iptables with the command below it works just fine.
service iptables stop

So please help me to add a rule to allow me to connect even if iptables is started!
 
LVL 12

Expert Comment

by:asidu
ID: 34914794
You can list your iptables rules and look at them.
Modify the line which allows SSH or add a new rule to allow packet traffic for port 2222.
 
LVL 2

Expert Comment

by:nimda7
ID: 34914798
Just add rules for iptables:
# iptables -A INPUT -m state -p tcp -d <your_ip> --sport 1024:65535 --dport <your_ssh_port> --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -m state -p tcp -s <your_ip> --dport 1024:65535 --sport <your_ssh_port> --state ESTABLISHED -j ACCEPT

You may add these rules to /etc/sysconfig/iptables
 
LVL 7

Assisted Solution

by:mchkorg
mchkorg earned 400 total points
ID: 34914830
From memory:
iptables -I INPUT -p tcp --dport 2222 -j ALLOW
 
LVL 7

Expert Comment

by:mchkorg
ID: 34914901
ALLOW => ACCEPT
 
LVL 4

Author Comment

by:Cristi_E
ID: 34915138
mchkorg :
Your "iptables -I INPUT -p tcp --dport 2222 -j ACCEPT" works, but how can I make it persistent?
When I restart iptables it is gone!

Thanks!
 
LVL 7

Assisted Solution

by:mchkorg
mchkorg earned 400 total points
ID: 34915321
You could
iptables-save > some_etc_file

and when rebooting/restarting,
iptables-restore < some_etc_file

You could restore your iptables rules in a script started with your net interface, like in /etc/network/if-up.d

Regards,

I don't exactly remember all this because I use shorewall instead of iptables. Shorewall is a higher-level tool with a simple syntax. It calls iptables at the end, of course.
If you have to manage a complicated firewall, it's much much easier
You write stuff like :
ALLOW loc $FW tcp 2222 # allows incoming from your LOCal network to your FireWall for tcp/2222
 
LVL 31

Assisted Solution

by:farzanj
farzanj earned 100 total points
ID: 34915479
To save your iptables rules, issue the following command:
service iptables save
 
LVL 31

Expert Comment

by:farzanj
ID: 34915757
The only thing you need to do to keep it persistent after reboot is

chkconfig iptables on
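A check that ties the thread's fixes together (mchkorg's ACCEPT rule and the "service iptables save" / "chkconfig iptables on" persistence steps above), added here as an example and not taken from any poster: it reads the Port from sshd_config and the saved rules that "service iptables save" writes to /etc/sysconfig/iptables, and reports whether sshd's port would survive a firewall restart. Both inputs below are constructed samples modelled on a CentOS 5 default ruleset, and the function names are my own.

```shell
#!/bin/sh
# Constructed sample of /etc/sysconfig/iptables on CentOS 5 (the file that
# "service iptables save" writes). It still only opens the default port 22.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed sample sshd_config with the port moved off 22.
SAMPLE_SSHD_CONFIG='# Port 22
Port 2222
Protocol 2'

# sshd_port CONFIG_TEXT: print the effective Port (first uncommented
# "Port" line; sshd defaults to 22 when none is set).
sshd_port() {
    printf '%s\n' "$1" | awk '$1 == "Port" { print $2; found = 1; exit }
                               END { if (!found) print 22 }'
}

# port_accepted RULES_TEXT PORT: succeed if a saved rule ACCEPTs TCP to PORT.
# iptables-save always writes numeric ports, so "--dport ssh" never appears.
port_accepted() {
    printf '%s\n' "$1" | grep -q -- "-p tcp .*--dport $2 .*-j ACCEPT"
}

# check_ssh_firewall RULES_TEXT CONFIG_TEXT: report whether the port sshd
# listens on is allowed by the saved rules; return 1 if it is not.
check_ssh_firewall() {
    port=$(sshd_port "$2")
    if port_accepted "$1" "$port"; then
        echo "tcp/$port is accepted by the saved rules"
        return 0
    fi
    echo "tcp/$port is not accepted: sshd works only while iptables is stopped"
    echo "fix: iptables -I INPUT -p tcp --dport $port -j ACCEPT && service iptables save"
    return 1
}

# Stand-alone demo on the samples. On a real box, pass the file contents:
# check_ssh_firewall "$(cat /etc/sysconfig/iptables)" "$(cat /etc/ssh/sshd_config)"
check_ssh_firewall "$SAMPLE_RULES" "$SAMPLE_SSHD_CONFIG" || echo "exit status: $?"
```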
 
LVL 31

Expert Comment

by:farzanj
ID: 34915841
Firewall: run

iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A OUTPUT -p tcp --sport ssh -j ACCEPT

SSH server port is 22 not 2222

ACCEPT is used in iptables
ALLOW is used in TCP-Wrappers

Configure both.
 
LVL 7

Expert Comment

by:mchkorg
ID: 34916415
In his case, he's trying to run sshd on 2222, so it's definitely 2222.
About ALLOW: my mistake. That's why I corrected the message afterwards.
 
LVL 31

Expert Comment

by:farzanj
ID: 34916487
Didn't mean to offend.

>>  from 22 to random number (eg. 2222)

I take it the server is the same old 22 and the client, as usual, can be any random number. This is my take.

Therefore, when you give your iptables rules, dport refers to the server port, not the client.

Sorry to offend.
 
LVL 31

Expert Comment

by:farzanj
ID: 34916522
Looks like your rule works too.  So, great!
 
LVL 7

Expert Comment

by:mchkorg
ID: 34916687
no pb
 
LVL 4

Author Closing Comment

by:Cristi_E
ID: 34924487
Thank you all for help!
