Cristi_E
asked on
SSH port change on Linux not working
Hi,
I'm running CentOS 5.5 and I changed the port (in sshd_config) from 22 to a random number (e.g. 2222) and now I can't ssh into the server. Keep in mind that I'm accessing it through PuTTY only. Whenever I change the default port back to "22", I can log in via ssh on the server.
Please help!
Thanks!
ASKER
1) Did you restart sshd after making changes in sshd_config?
A: Yes
2) Did you configure the new port in PuTTY?
A: Yes
3) Is there a firewall in between blocking ports other than port 22?
A: I don't know how to check!
Check the firewall setting. By default the firewall is on and accepts ssh on port 22.
On the ssh server ssh_hostname:
nc -l -p 2222
On Windows cmdline:
telnet ssh_hostname 2222
If you don't get "Connected to ..." the port is most probably blocked.
wmp
To check your firewall:
service iptables status
iptables -L
To remove all rules from firewall:
iptables -F
service iptables stop
chkconfig iptables off
Check TCP wrappers:
vi /etc/hosts.allow
Add the following line at the top of the file:
sshd : allow
Sorry for TCP Wrappers I meant
sshd : ALL
ASKER CERTIFIED SOLUTION
ASKER
Hi,
It seems that if I stop iptables with the command below it works just fine.
service iptables stop
So please help me to add a rule to allow me to connect even if iptables is started!
You can list your iptables rules and look at them.
Modify the line which allows SSH or add a new rule to allow the packet traffic for port 2222.
Just add a rule for iptables:
# iptables -A INPUT -m state -p tcp -d <your_ip> --sport 1024:65535 --dport <your_ssh_port> --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -m state -p tcp -s <your_ip> --dport 1024:65535 --sport <your_ssh_port> --state ESTABLISHED -j ACCEPT
You may add these rules to /etc/sysconfig/iptables
SOLUTION
ALLOW => ACCEPT
ASKER
mchkorg:
Your "iptables -I INPUT -p tcp --dport 2222 -j ACCEPT" works, but how can I make it persistent?
When I restart iptables it is gone!
Thanks!
SOLUTION
The only thing you need to do to keep it persistent after reboot is
chkconfig iptables on
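As an added example, not code posted in this thread, the script below shows what "add the rules to /etc/sysconfig/iptables" (the earlier answer) and "keep it persistent" (the question just above) amount to on CentOS 5. On that release the iptables init script restores whatever is in /etc/sysconfig/iptables when the service starts, and `service iptables save` writes the running rule set into that file; the file holds iptables-save lines of the form `-A CHAIN ...`, not full `iptables -A ...` commands, so a rule added only on the command line is lost on the next `service iptables restart`. The script reads the Port directive(s) from an sshd_config, checks a saved rules file for a matching ACCEPT, and prints the line to insert ahead of the chain's final REJECT. The sample sshd_config and rules file are constructed for the demo, and the RH-Firewall-1-INPUT chain name is the stock CentOS 5 layout, an assumption if the box was customised.

```shell
#!/bin/sh
# Added example (not from the thread). Nothing here touches a live firewall;
# it only inspects and generates text, so it runs without root.

# Validate a TCP port number: an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print every port sshd will listen on according to a config file, one per
# line: each uncommented "Port N" directive counts; default is 22 when none.
sshd_ports() {
    ports=$(sed -n 's/^[[:space:]]*[Pp][Oo][Rr][Tt][[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1")
    echo "${ports:-22}"
}

# Emit the persisted-file (iptables-save) form of an ACCEPT rule for new TCP
# connections to PORT. CHAIN defaults to INPUT; the stock CentOS 5 file
# dispatches INPUT to RH-Firewall-1-INPUT (assumed layout).
iptables_rule() {
    port=$1
    chain=${2:-INPUT}
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    printf '%s -p tcp -m tcp --dport %s -m state --state NEW -j ACCEPT\n' "-A $chain" "$port"
}

# Return 0 if an iptables-save style file already accepts TCP to PORT.
has_rule() {
    grep -Eq -e "^-A [^ ]+ .*-p tcp .*--dport $2( |$).*-j ACCEPT" "$1"
}

# Demo with constructed files: an sshd_config moved to 2222 and a saved rules
# file that still only opens port 22 (the situation described in the thread).
demo() {
    dir=$(mktemp -d)
    printf 'Protocol 2\n#Port 22\nPort 2222\n' > "$dir/sshd_config"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':RH-Firewall-1-INPUT - [0:0]' \
        '-A INPUT -j RH-Firewall-1-INPUT' \
        '-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
        '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited' \
        'COMMIT' > "$dir/iptables"
    for p in $(sshd_ports "$dir/sshd_config"); do
        if has_rule "$dir/iptables" "$p"; then
            echo "port $p is already accepted by the saved rules"
        else
            echo "no saved rule for sshd port $p; insert this line before the REJECT rule:"
            iptables_rule "$p" RH-Firewall-1-INPUT
        fi
    done
    rm -rf "$dir"
}
demo
```

On a real box the order of operations matters: add the new port's ACCEPT rule (with `iptables -I` so it lands above the REJECT), run `service iptables save` so it survives a restart, only then change `Port` in sshd_config and restart sshd, and keep the existing session open until a second PuTTY session on the new port has been verified. Leaving port 22 open alongside 2222 until that check passes avoids locking yourself out.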
Firewall run
SSH server port is 22 not 2222
ACCEPT is used in iptables
ALLOW is used in TCP-Wrappers
Configure both.
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A OUTPUT -p tcp --sport ssh -j ACCEPT
In his case, he's trying to run sshd on 2222
So it's definitely 2222
About ALLOW : my mistake. That's why I corrected the message after
Didn't mean to offend.
>> from 22 to random number (eg. 2222)
I take it the server is the same old 22 and the client, as usual, can be any random number. This is my take.
Therefore, when you give your iptables rules, dport refers to the server port, not the client.
Sorry to offend.
Looks like your rule works too. So, great!
no pb
ASKER
Thank you all for help!