LinuxQuestions.org
Old 02-04-2014, 06:32 AM   #1
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,674

Rep: Reputation: 47
Changed server IP, now can't ssh to server


I had to change the IP address of a server, but now I can't ssh to it. If I do a ps aux|grep ssh all I get back is my grep command. Any ideas?
 
Old 02-04-2014, 06:35 AM   #2
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,674

Original Poster
Rep: Reputation: 47
/etc/ssh/sshd_config has the old IP!! Do I even need ListenAddress configured really?
 
Old 02-04-2014, 07:02 AM   #3
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

Rep: Reputation: 233
You don't really need it. Most daemons default to listen on all interfaces on all IPs if no special option is set. That's the magic 0.0.0.0:number thing you'll see in the output of netstat -tulpn.

So in case you only have one IP address and one interface you don't need to set ListenAddress. But for the case where you have a gateway with two interfaces and two IPs you might want to only have ssh listen on the internal site to be more on the safe side.

Last edited by zhjim; 02-04-2014 at 07:45 AM. Reason: remove smily :P
 
1 members found this post helpful.
Old 02-04-2014, 07:17 AM   #4
Isaac Velando
LQ Newbie
 
Registered: Feb 2014
Location: Texas
Distribution: Arch, Ubuntu Server, CentOS
Posts: 29

Rep: Reputation: 21
If ListenAddress isn't specified then sshd will listen on all available IPs. If your server only has one static IP address at a time it's unnecessary to specify it (you should be able to just comment the line out and leave it to this default behavior). Otherwise, you should specify it only if your goal is to restrict it to only one of the server's IP addresses (this would mainly be for security purposes). You can also explicitly set

Code:
# All IPV4 Addresses
ListenAddress 0.0.0.0

# All IPV6 Addresses
ListenAddress ::
if you just want to clarify the default behavior for your own reference. Whatever the case you can verify your configuration by checking

Code:
sudo netstat -tulpn | grep ssh
tcp        0      0 0.0.0.0:16              0.0.0.0:*               LISTEN      445/sshd
tcp6       0      0 :::16                   :::*                    LISTEN      445/sshd
which for me shows that sshd listens on every IP I have (which happens to be just one). As a final note, I have a few tips to safely update sshd configuration you may find useful:
  1. Before changing your sshd_config make sure to keep a read-only backup of the current working version:
    Code:
    cp sshd_config sshd_config.original
    chmod 400 sshd_config.original
  2. Code:
    sshd -t
    This will test your sshd_config and report any errors it finds without actually launching the daemon.
  3. If you reload your sshd for a configuration update, stay logged in with that ssh session and try to open a fresh one to the same server before you exit the original session used to update the configuration.
  4. You can also write a script to reload the configuration and after a set amount of time, say 60 seconds, copy the working backup configuration and reload again in case you got locked out (this is especially useful for iptables updates). You can either run the script with
    Code:
    nohup /path/to/script.sh &
    or run it in screen/tmux.
 
1 members found this post helpful.
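The timed-rollback script described in tip 4 of the post above, combined with the backup and `sshd -t` checks from tips 1 and 2, as an added example that is not part of the original post. The file paths, the `service sshd reload` command and the `CONFIRM_FILE` marker are assumptions; adjust them for your distribution.

```shell
#!/bin/sh
# Added example: apply a candidate sshd_config with a timed rollback.
# Assumed defaults (override via environment): file locations, the sshd
# binary path, the reload command and the confirmation marker.
CONFIG="${CONFIG:-/etc/ssh/sshd_config}"
BACKUP="${BACKUP:-/etc/ssh/sshd_config.original}"
# Marker lives in a root-only directory so other local users cannot confirm.
CONFIRM_FILE="${CONFIRM_FILE:-/var/run/sshd_config.confirmed}"
TIMEOUT="${TIMEOUT:-60}"
VALIDATE="${VALIDATE:-/usr/sbin/sshd -t -f}"   # syntax check, no daemon start
RELOAD="${RELOAD:-service sshd reload}"        # distro-specific

# Returns 0 = confirmed and kept, 1 = candidate rejected, 2 = rolled back.
apply_with_rollback() {
    candidate="$1"
    # Never install a config that sshd itself refuses to parse.
    $VALIDATE "$candidate" || return 1
    # Keep a read-only copy of the known-good config (created once).
    [ -f "$BACKUP" ] || { cp -p "$CONFIG" "$BACKUP" && chmod 400 "$BACKUP"; } \
        || return 1
    rm -f "$CONFIRM_FILE"
    if ! { cp "$candidate" "$CONFIG" && $RELOAD; }; then
        cp "$BACKUP" "$CONFIG"      # reload failed: put the file back
        return 1
    fi
    # Wait for the admin to confirm from a *fresh* SSH session.
    waited=0
    while [ "$waited" -lt "$TIMEOUT" ]; do
        if [ -e "$CONFIRM_FILE" ]; then
            rm -f "$CONFIRM_FILE"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    # No confirmation: assume lockout, restore the backup and reload again.
    cp "$BACKUP" "$CONFIG" && $RELOAD
    return 2
}

# Run only when a candidate file is passed: ./script.sh /root/sshd_config.new
if [ "$#" -gt 0 ]; then
    apply_with_rollback "$1"
fi
```

Start it under nohup or screen/tmux as in tip 4, then log in from a new session and `touch` the marker file within the timeout to keep the change; if the new login fails, the backup is restored automatically.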
Old 02-04-2014, 07:41 AM   #5
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,674

Original Poster
Rep: Reputation: 47
Thanks guys. I never actually configured that setting before, as most of my servers just have one active NIC, and figured it was mostly to enhance security. Thanks for all the explanations, real helpful.
 
  

