10-12-2016, 06:18 AM
|
#1
|
LQ Newbie
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28
Rep:
|
How to change SSH port 22 to new one and make Linux system know the new SSH port?
Hello,
I want to mask one server's SSH port 22 to another one and make Linux know the new port assigned to SSH.
I added "Port 7890" to the /etc/ssh/sshd_config file and restarted the sshd service, and port 7890 can be used for SSH login.
However, when I use the "nmap localhost" command, I cannot get ssh on the output list linked with port 7890.
How can I make the Linux system know the new SSH port?
Thanks,
SSCN
|
|
|
10-12-2016, 06:26 AM
|
#2
|
LQ Guru
Registered: Dec 2008
Location: Westgate-on-Sea, Kent, UK
Distribution: Debian Testing Amd64
Posts: 5,465
|
Duckduckgo is your friend. A quick search will turn up a solution. Here's a good one
jdk
|
|
|
10-12-2016, 06:45 AM
|
#3
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,634
|
If you can log in on the new port, then it is set up ok. That's the proof right there.
About the scans, which options, specifically, do you use with "nmap" to do the scan?
Usually for accurate results, you must do your scan from a second machine.
|
|
|
10-12-2016, 07:15 AM
|
#4
|
LQ Newbie
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28
Original Poster
Rep:
|
Tried but new SSH port not recognized by nmap
Hello jdkaye,
I tried it and I could use the new port for SSH login.
However, "nmap localhost" command still has no SSH service port info.
I want to know how to make SSH new port visible to nmap command.
Thanks a lot,
SSCN
|
|
|
10-12-2016, 07:22 AM
|
#5
|
LQ Newbie
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28
Original Poster
Rep:
|
New port works but not for nmap
Quote:
Originally Posted by Turbocapitalist
If you can log in on the new port, then it is set up ok. That's the proof right there.
About the scans, which options, specifically, do you use with "nmap" to do the scan?
Usually for accurate results, you must do your scan from a second machine.
|
"nmap localhost" didn't have ssh service info.
If I use 2252, nmap would show the port but system shows the port "unknown".
If I use 50683, nmap would not be able to show the port at all. So new SSH port is unknown to system.
|
|
|
10-12-2016, 07:28 AM
|
#6
|
LQ Newbie
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28
Original Poster
Rep:
|
netstat can know SSH new port but not for nmap
"netstat -tulpn" could show sshd using the new port.
My question is how to make nmap know the new SSH port and display the info from the command "nmap localhost".
Thanks in advance,
SSCN
Last edited by sscn; 10-12-2016 at 07:29 AM.
|
|
|
10-12-2016, 07:30 AM
|
#7
|
LQ Sage
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,675
|
|
|
1 members found this post helpful.
|
10-12-2016, 07:34 AM
|
#8
|
Moderator
Registered: Aug 2002
Posts: 26,456
|
The output of the following command will scan all ports from the computer.
nmap -p 1-65536 localhost
If you see "7890/tcp open unknown" then ssh is working on the new port. The reason it outputs unknown is because there isn't anything defined for 7890 in /etc/services. It is not necessary to be listed in /etc/services to work. If a firewall is running on that computer you will need to add a rule to allow port 7890 TCP to access it remotely.
|
|
|
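The lookup described in post #8, as an added example (not code from the thread): the port sshd binds comes from `sshd_config`, while the name printed beside it in a port listing comes from a separate static table, so 7890 is labelled `unknown` even though sshd is listening there. The function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; the sample files at the bottom are constructed.

# Ports sshd will bind, read from the Port directives of an sshd_config-format
# file. Keywords are case-insensitive and "Port=7890" is valid syntax; with no
# Port line sshd defaults to 22. Include files and "ListenAddress host:port"
# are not handled. Exit status 1 if a Port value is outside 1-65535.
sshd_ports() {
  awk '
    { sub(/#.*/, ""); sub(/^[ \t]+/, "") }
    tolower($0) ~ /^port[ \t=]/ {
      v = $0; sub(/^[A-Za-z]+[ \t]*=?[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
      seen = 1
      if (v ~ /^[0-9]+$/ && v + 0 >= 1 && v + 0 <= 65535) print v; else bad = 1
    }
    END { if (!seen) print 22; exit bad + 0 }
  ' "$1"
}

# Name for PORT/PROTO in a services-format table ("name port/proto ...").
# This is a static lookup: nothing is sent to the port. nmap uses its own
# table (nmap-services), which has the same first two columns.
port_name() {
  awk -v want="$1/$2" '
    { sub(/#.*/, "") }
    $2 == want { print $1; found = 1; exit }
    END { if (!found) print "unknown" }
  ' "$3"
}

# One line per configured sshd port: "<port>/tcp <name from the table>".
label_sshd_ports() {
  for p in $(sshd_ports "$1"); do
    echo "$p/tcp $(port_name "$p" tcp "$2")"
  done
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sshd_config" <<'EOF'
#Port 22
Port 7890
EOF
cat > "$tmp/services" <<'EOF'
ssh     22/tcp    # SSH Remote Login Protocol
http    80/tcp
EOF
label_sshd_ports "$tmp/sshd_config" "$tmp/services"   # prints: 7890/tcp unknown
```

On a live host, `sshd -T` prints the effective configuration, and `nmap -sV -p 7890 localhost` identifies the service by probing it rather than by looking up the port number.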
10-12-2016, 07:40 AM
|
#9
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,634
|
Quote:
Originally Posted by sscn
"netstat -tulpn" could show sshd using the new port.
My question is how to make nmap know the new SSH port and display the info from the command "nmap localhost".
Thanks in advance,
SSCN
|
What do you have in the configuration file sshd_config regarding the Listen directive? If "sshd" is not listening on the address localhost, then your scan FROM localhost TO localhost with "nmap" won't find anything. Again, to use "nmap" correctly, you must run it from a second machine.
Even then, on a second machine, it is normal to tell "nmap" to do something by adding a few options.
Code:
nmap -A -T4 ssh.example.com
By the way, in addition to Emerson's link, there is this:
http://bsdly.blogspot.com/2013/02/th...igh-ports.html
|
|
|
10-12-2016, 07:53 AM
|
#10
|
LQ Newbie
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28
Original Poster
Rep:
|
Good Suggestion
Quote:
Originally Posted by Emerson
|
Thanks for the sharing.
The reason why I need to change the SSH port to a new one is to avoid attacks on the server, as we did see enormous connections to the server's SSH port 22 when it was online.
Our solution is to change the SSH port and bind the fixed IP for the server.
It seems that changing SSH port is not a good idea. Mask SSH port 22 or portknock is too complex.
I might need to study SSH public key authentication to enhance the secure access.
Thanks again.
|
|
|
10-12-2016, 07:54 AM
|
#11
|
LQ Newbie
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28
Original Poster
Rep:
|
Quote:
Originally Posted by michaelk
The output of the following command will scan all ports from the computer.
nmap -p 1-65536 localhost
If you see "7890/tcp open unknown" then ssh is working on the new port. The reason it outputs unknown is because there isn't anything defined for 7890 in /etc/services. It is not necessary to be listed in /etc/services to work. If a firewall is running on that computer you will need to add a rule to allow port 7890 TCP to access it remotely.
|
The command
nmap -p 1-65535 localhost
does work but not for "nmap -p 1-65536 localhost".
Thanks,
SSCN
|
|
|
10-12-2016, 08:00 AM
|
#12
|
LQ Newbie
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28
Original Poster
Rep:
|
Quote:
Originally Posted by michaelk
The output of the following command will scan all ports from the computer.
nmap -p 1-65536 localhost
If you see "7890/tcp open unknown" then ssh is working on the new port. The reason it outputs unknown is because there isn't anything defined for 7890 in /etc/services. It is not necessary to be listed in /etc/services to work. If a firewall is running on that computer you will need to add a rule to allow port 7890 TCP to access it remotely.
|
Do you know how to make /etc/services change valid after modification?
I did add new SSH port to the file but no luck even masked ssh port 22 lines.
Thanks,
SSCN
|
|
|
10-12-2016, 08:01 AM
|
#13
|
Moderator
Registered: Aug 2002
Posts: 26,456
|
Sorry that was a typo.
|
|
|
10-12-2016, 08:05 AM
|
#14
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,634
|
Quote:
Originally Posted by sscn
The reason why I need to change the SSH port to a new one is to avoid attacks on the server, as we did see enormous connections to the server's SSH port 22 when it was online.
|
There are also tools like sshguard and fail2ban which will adjust your iptables rules to block some sources of some attacks.
|
|
1 members found this post helpful.
|