  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 517
  • Last Modified:

Ssh port change on linux not working

Hi,
I'm running CentOS 5.5 and I changed the port (in sshd_config) from 22 to a random number (e.g. 2222), and now I can't SSH into the server. Keep in mind that I'm only accessing it through PuTTY. Whenever I change the port back to "22", I can log in to the server via SSH again.

Please help!

Thanks!

Asked by: Cristi_E

4 Solutions
 
woolmilkporcCommented:
1) Did you restart sshd after making changes in sshd_config?
2) Did you configure the new port in PuTTY?
3) Is there a firewall in between blocking ports other than port 22?

wmp
0
 
Cristi_EAuthor Commented:
1) Did you restart sshd after making changes in sshd_config?
A: Yes

2) Did you configure the new port in PuTTY?
A: Yes

3) Is there a firewall in between blocking ports other than port 22?
A: I don't know how to check!
0
 
nimda7Commented:
Check the firewall settings. By default the firewall is on and accepts SSH on port 22.
0
 
woolmilkporcCommented:
On the ssh server ssh_hostname:

nc -l -p 2222

On the Windows command line:

telnet ssh_hostname 2222

If you don't get "Connected to ..." the port is most probably blocked.

wmp
0
 
farzanjCommented:
To check your firewall:
service iptables status
iptables -L

To remove all rules from the firewall:
iptables -F
service iptables stop
chkconfig iptables off

Check TCP wrappers:
vi /etc/hosts.allow

Add the following line at the top of the file:
sshd : allow

0
 
farzanjCommented:
Sorry, for TCP Wrappers I meant:

sshd : ALL

0
 
mchkorgCommented:
Hi,
To be sure you can contact your SSH server on another port:

1) Check if it's really running where you think on the server:
locally, "telnet localhost 2222". It should give you a standard sshd reply, like:
telnet localhost 2222
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.1p1 Debian-5

2) From your Windows computer (ssh/PuTTY client), do the same remotely:
telnet your_server 2222
You'll see if it answers.
If not, you have some firewall blocking between your client and server.
Check with iptables as mentioned above, provided you don't have some firewall between them.
Check also that your local Windows PC client doesn't have a firewall blocking outgoing traffic.

I hope it helps
0
 
Cristi_EAuthor Commented:
Hi,
It seems that if I stop iptables with the command below it works just fine.
service iptables stop

So please help me to add a rule to allow me to connect even if the iptables is started!

0
 
asiduCommented:
You can list your IP tables and look at the rules.
Modify the line which supports SSH or add a new rule to allow the packet traffic for port 2222.

0
 
nimda7Commented:
Just add rules for iptables:
# iptables -A INPUT -m state -p tcp -d <your_ip> --sport 1024:65535 --dport <your_ssh_port> --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -m state -p tcp -s <your_ip> --dport 1024:65535 --sport <your_ssh_port> --state ESTABLISHED -j ACCEPT

You may add these rules to /etc/sysconfig/iptables
0
 
mchkorgCommented:
From memory:
iptables -I INPUT -p tcp --dport 2222 -j ALLOW
0
 
mchkorgCommented:
ALLOW => ACCEPT
0
 
Cristi_EAuthor Commented:
mchkorg :
Your "iptables -I INPUT -p tcp --dport 2222 -j ACCEPT" works, but how can I make it persistent?
When I restart iptables it is gone!

Thanks!
0
 
mchkorgCommented:
You could
iptables-save > some_etc_file

and when rebooting/restarting,
iptables-restore < some_etc_file

You could restore your iptables rules in a script started with your net interface, like in /etc/network/if-up.d

Regards,

I don't exactly remember all this because I use shorewall instead of iptables. Shorewall is a higher-level tool with a simple syntax. It calls iptables at the end, of course.
If you have to manage a complicated firewall, it's much, much easier.
You write stuff like:
ALLOW loc $FW tcp 2222 # allows incoming from your LOCal network to your FireWall for tcp/2222
0
 
farzanjCommented:
To save your iptables rules, issue the following command:
service iptables save

0
 
farzanjCommented:
The only thing you need to do to keep it persistent after reboot is:

chkconfig iptables on

0
 
farzanjCommented:
Firewall: run

iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A OUTPUT -p tcp --sport ssh -j ACCEPT

SSH server port is 22 not 2222

ACCEPT is used in iptables
ALLOW is used in TCP-Wrappers

Configure both.
0
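The answers above give three pieces that have to agree: the Port directive in sshd_config, an iptables ACCEPT rule for that port, and the saved ruleset (`service iptables save` writes it to /etc/sysconfig/iptables, `chkconfig iptables on` reloads it at boot). One detail worth checking before saving is rule order: on a default CentOS 5 ruleset the INPUT chain's first rule is a jump into RH-Firewall-1-INPUT, which ends with an unconditional REJECT, so a rule appended with `-A INPUT` (as in a couple of the suggestions above) is never evaluated, while `-I INPUT` (the command that worked for the asker) is placed in front of the jump. The script below is an added example, not code from the thread or from any of the posters: it reads the Port directive(s) from an sshd_config file and walks an iptables-save dump to decide whether a new connection to that port can actually reach an ACCEPT. The sshd_config fragment and the two rulesets are constructed samples written to a temporary directory; point the two functions at /etc/ssh/sshd_config and the output of `iptables-save` to check a real host.

```shell
#!/bin/sh
# Added example, not from the thread. sshd_ports reads the Port directive(s)
# from a sshd_config copy; ssh_port_allowed walks an iptables-save dump
# (the format "service iptables save" writes to /etc/sysconfig/iptables on
# CentOS 5) and reports whether tcp/PORT reaches an ACCEPT before any
# unconditional REJECT/DROP. All file contents below are constructed samples.

# Print the Port directive(s) set in an sshd_config file, or 22 if none.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then echo "$ports"; else echo 22; fi
}

# Usage: ssh_port_allowed PORT DUMPFILE. Exit 0 = a reachable ACCEPT for
# tcp/PORT exists; exit 1 = new connections to that port are refused/dropped.
ssh_port_allowed() {
    awk -v port="$1" '
        # A rule with no match options applies to every packet.
        function unconditional(r) {
            return r !~ /(-p |-s |-d |-i |-o |-m |--dport|--sport)/
        }
        # Walk one chain in order: 1 = accepted, 0 = rejected, -1 = fell off the end.
        function walk(chain,   i, r, tgt, res) {
            for (i = 1; i <= n[chain]; i++) {
                r = rule[chain, i]
                if (r ~ ("-p tcp .*--dport " port "( |$)") && r ~ /-j ACCEPT/) return 1
                if (unconditional(r) && r ~ /-j ACCEPT/) return 1
                if (unconditional(r) && r ~ /-j (REJECT|DROP)/) return 0
                if (match(r, /-j [A-Za-z0-9_-]+/)) {
                    tgt = substr(r, RSTART + 3, RLENGTH - 3)
                    # Unconditional jump into a user-defined chain: follow it.
                    if ((tgt in n) && unconditional(r)) {
                        res = walk(tgt)
                        if (res != -1) return res
                    }
                }
            }
            return -1
        }
        /^:INPUT / { policy = $2 }
        /^-A /     { n[$2]++; rule[$2, n[$2]] = $0 }
        END {
            res = walk("INPUT")
            if (res == -1) res = (policy == "ACCEPT")   # chain policy decides
            exit !res
        }' "$2"
}

TMP=$(mktemp -d)

# Constructed sshd_config fragment with the port changed as in the question.
SSHD_CFG="$TMP/sshd_config"
cat > "$SSHD_CFG" <<'EOF'
#Port 22
Port 2222
EOF

# Constructed CentOS 5 style ruleset where the new rule was appended with
# "-A INPUT": it lands after the jump to RH-Firewall-1-INPUT, whose final
# REJECT never returns, so the rule is never evaluated.
SHADOWED="$TMP/shadowed.rules"
cat > "$SHADOWED" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp --dport 2222 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Same ruleset after "iptables -I INPUT -p tcp --dport 2222 -j ACCEPT" (the
# command that worked in the thread) followed by "service iptables save".
FIXED="$TMP/fixed.rules"
cat > "$FIXED" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp --dport 2222 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Report, for each port sshd is configured on, whether each ruleset lets it through.
for dump in "$SHADOWED" "$FIXED"; do
    for port in $(sshd_ports "$SSHD_CFG"); do
        ssh_port_allowed "$port" "$dump" && echo "tcp/$port: reachable ACCEPT in $dump" \
            || echo "tcp/$port: NOT reachable in $dump (rule shadowed or missing)"
    done
done
```

The walk is deliberately narrow: it follows only unconditional jumps and treats any rule carrying a match option as "might not apply", so it reports a port as reachable only when an ACCEPT for it is definitely hit before a catch-all REJECT/DROP. For the rulesets above it flags the appended rule as shadowed and the inserted one as reachable, which is the difference the asker saw between the two suggestions.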
 
mchkorgCommented:
In his case, he's trying to run sshd on 2222, so it's definitely 2222.
About ALLOW: my mistake. That's why I corrected the message afterwards.
0
 
farzanjCommented:
Didn't mean to offend.

>>  from 22 to random number (eg. 2222)

I take it the server is the same old 22 and the client, as usual, can be any random number. This is my take.

Therefore, when you give your iptables rules, dport refers to the server port, not the client.

Sorry to offend.
0
 
farzanjCommented:
Looks like your rule works too.  So, great!
0
 
mchkorgCommented:
No problem.
0
 
Cristi_EAuthor Commented:
Thank you all for help!
0
