Security: SSH Port Change CentOS 7

Thought I would ask this question here, assuming this is a general CentOS thing and not specific to my provider.

I have been setting up a new VPS (CentOS 7 x64), and was doing my usual setup process. And every time, I get stuck at the SSH port change. I have a few other CentOS 6 VPSs (with a different provider) and they all work fine with this process.

Following this guide: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7

Doing steps 1, 2, 3, 5, and 6. (Skipping step 4 for now, as I don't want to set up the keys.) But after reloading my PuTTY to connect via SSH using the new port, I get a "connection timed out".

Am I doing something wrong here?

Tried a few ports, and tried restarting/reinstalling etc. as well. No luck. Has anyone been through this before?

Cheers.

Comments

  • decay Member

    Just to add, after changing the port, I cannot connect using port 22 either; it throws an error "connection refused", which is expected.

  • Simply install Google's 2 auth and no need to change the port.

  • Did you open the port in the firewall?

  • decay Member

    OnraHost said: Did you open the port in the firewall?

    Nope, I assumed this is the issue. Can someone direct me to find out how to do this?

    Cheers.

  • Melita Member, Host Rep
    edited March 2015
    1. Look if the firewall is blocking your SSH on the custom port (most likely this is the case, since I didn't see the firewall mentioned in the tutorial):
      firewall-cmd --permanent --remove-service=ssh
      firewall-cmd --permanent --add-port=CUSTOMPORT/tcp
      firewall-cmd --reload

    2. (Most likely this is not the case since it's a VPS.) If SELinux is enabled, sshd won't start at all on any other port than 22:
      yum -y install policycoreutils-python
      semanage port -a -t ssh_port_t -p tcp CUSTOMPORT

    Replace CUSTOMPORT with your own customized port number for SSH. Or alternatively, just use SSH keys, since security by obscurity isn't a best practice.

  • I see in your link, DigitalOcean, in the step (Change SSH Port (Optional)),
    they change port 22 to 4444.

    Maybe you can log in to your server with port 4444:

    $ ssh root@ipaddressyourserver -p 4444

  • decay Member

    Melita said: look if the firewall is blocking your ssh on custom port (most likely this is the case, since I didn't see firewall mentioned on the tutorial)

    firewall-cmd --permanent --remove-service=ssh
    firewall-cmd --permanent --add-port=CUSTOMPORT/tcp
    firewall-cmd --reload

    (most likely this is not the case since it's a VPS) if selinux is enabled, sshd won't start at all on any other port than 22:

    yum -y install policycoreutils-python
    semanage port -a -t ssh_port_t -p tcp CUSTOMPORT

    Nope, no luck. Tried both :( Might contact the host and see.

  • sin Member

    After you change the ssh port, restart/reload ssh service, and make sure the new port is open through your firewall...CentOS 7 uses firewalld and it is likely blocking your new ssh port.

  • "cat /etc/ssh/sshd_config | grep Port" tells you which port sshd listens on.

    Editing that file and restarting sshd you can change it.

  • decay Member
    edited March 2015

    sin said: After you change the ssh port, restart/reload ssh service, and make sure the new port is open through your firewall...CentOS 7 uses firewalld and it is likely blocking your new ssh port.

    So you are saying Melita's commands are incorrect? Instead of firewall-cmd, I should use something else?

    Melita said:
    firewall-cmd --permanent --remove-service=ssh
    firewall-cmd --permanent --add-port=CUSTOMPORT/tcp
    firewall-cmd --reload

  • decay Member

    Problem solved by using this:
    https://www.liberiangeek.net/2014/11/change-openssh-port-centos-7/

    Cheers for all the help.
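
The checks suggested across this thread (configured port in sshd_config, SELinux port label, listening socket, firewalld port), combined into one triage script. This is an added example, not code from any poster in the thread; the function names `sshd_ports` and `diagnose` and the sample data are constructed, and the inputs are assumed to be the outputs of `firewall-cmd --list-ports`, `semanage port -l | grep ssh_port_t` and `ss -tln`.

```shell
#!/bin/sh
# Added example (hypothetical helper names): offline triage of a changed SSH port.

# Print the port(s) sshd is configured for. Commented lines (#Port 22) and
# other keywords containing "Port" (GatewayPorts) are skipped, which a plain
# grep for "Port" would not do. With no active Port line, sshd uses 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# diagnose PORT FW_PORTS SELINUX_LINE LISTEN_OUTPUT
#   FW_PORTS       output of: firewall-cmd --list-ports
#   SELINUX_LINE   output of: semanage port -l | grep ssh_port_t
#                  (pass the word "disabled" when SELinux is off)
#   LISTEN_OUTPUT  output of: ss -tln
diagnose() {
    port=$1 fw=$2 se=$3 listen=$4
    # The port needs the ssh_port_t label or sshd cannot bind to it.
    if [ "$se" != disabled ] &&
       ! printf '%s\n' "$se" | tr -s ' ,' '\n\n' | grep -qx "$port"; then
        echo "selinux: run semanage port -a -t ssh_port_t -p tcp $port"; return
    fi
    # sshd is not bound to the port (not restarted, or the bind failed).
    if ! printf '%s\n' "$listen" | awk '{ print $4 }' | grep -q ":$port\$"; then
        echo "sshd: not listening on $port, restart sshd"; return
    fi
    # sshd is listening, but firewalld has not opened the port.
    if ! printf '%s\n' "$fw" | tr ' ' '\n' | grep -qx "$port/tcp"; then
        echo "firewalld: run firewall-cmd --permanent --add-port=$port/tcp and --reload"; return
    fi
    echo "ok"
}

# Constructed sample: port moved to 2222, SELinux label added, sshd restarted,
# but the firewalld port list is still empty.
sample_conf=$(mktemp)
printf '#Port 22\nPort 2222\nGatewayPorts no\n' > "$sample_conf"
diagnose "$(sshd_ports "$sample_conf")" "" \
    "ssh_port_t tcp 2222, 22" "LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*"
rm -f "$sample_conf"
```

On a live server, pass the real command outputs in place of the sample strings, for example `diagnose 2222 "$(firewall-cmd --list-ports)" "$(semanage port -l | grep ssh_port_t)" "$(ss -tln)"`.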
