LinuxQuestions.org
10-12-2016, 06:18 AM   #1
sscn
LQ Newbie
 
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28

Rep: Reputation: 0
How to change SSH port 22 to new one and make Linux system know the new SSH port?


Hello,

I want to mask one server SSH port 22 to another one and make the Linux know the new port to be assigned to SSH.

I added "Port 7890" to the /etc/ssh/sshd_config file and restarted the sshd service, and port 7890 can be used for SSH login.

However, when I use "nmap localhost" command, I cannot get ssh on the output list to link with port 7890.

How could I make the Linux system know the new SSH port?

Thanks,

SSCN
 
10-12-2016, 06:26 AM   #2
jdkaye
LQ Guru
 
Registered: Dec 2008
Location: Westgate-on-Sea, Kent, UK
Distribution: Debian Testing Amd64
Posts: 5,465

Rep: Reputation: Disabled
Duckduckgo is your friend. A quick search will turn up a solution. Here's a good one
jdk
 
10-12-2016, 06:45 AM   #3
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,634
Blog Entries: 4

Rep: Reputation: 3905
If you can log in on the new port, then it is set up ok. That's the proof right there.

About the scans, which options, specifically, do you use with "nmap" to do the scan?

Usually for accurate results, you must do your scan from a second machine.
 
10-12-2016, 07:15 AM   #4
sscn
LQ Newbie
 
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28

Original Poster
Rep: Reputation: 0
Tried but new SSH port not recognized by nmap

Hello jdkaye,

I tried it and I could use the new port for SSH login.

However, "nmap localhost" command still has no SSH service port info.

I want to know how to make SSH new port visible to nmap command.

Thanks a lot,

SSCN
 
10-12-2016, 07:22 AM   #5
sscn
LQ Newbie
 
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28

Original Poster
Rep: Reputation: 0
New port works but not for nmap

Quote:
Originally Posted by Turbocapitalist
If you can log in on the new port, then it is set up ok. That's the proof right there.

About the scans, which options, specifically, do you use with "nmap" to do the scan?

Usually for accurate results, you must do your scan from a second machine.

"nmap localhost" didn't have ssh service info.

If I use 2252, nmap would show the port but system shows the port "unknown".

If I use 50683, nmap would not be able to show the port at all. So new SSH port is unknown to system.
 
10-12-2016, 07:28 AM   #6
sscn
LQ Newbie
 
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28

Original Poster
Rep: Reputation: 0
netstat can know SSH new port but not for nmap

"netstat -tulpn" could show sshd using the new port.

My question is how to make nmap to know new SSH port and display the info from the command "nmap localhost".

Thanks in advance,

SSCN

Last edited by sscn; 10-12-2016 at 07:29 AM.
 
10-12-2016, 07:30 AM   #7
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,675

Rep: Reputation: Disabled
Why using high ports for SSH is a bad idea.
 
1 members found this post helpful.
10-12-2016, 07:34 AM   #8
michaelk
Moderator
 
Registered: Aug 2002
Posts: 26,456

Rep: Reputation: 6215
The output of the following command will scan all ports from the computer.
nmap -p 1-65536 localhost

If you see "7890/tcp open unknown" then ssh is working on the new port. The reason it outputs unknown is because there isn't anything defined for 7890 in /etc/services. It is not necessary to be listed in /etc/services to work. If a firewall is running on that computer you will need to add a rule to allow port 7890 TCP to access it remotely.
 
10-12-2016, 07:40 AM   #9
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,634
Blog Entries: 4

Rep: Reputation: 3905
Quote:
Originally Posted by sscn
"netstat -tulpn" could show sshd using the new port.

My question is how to make nmap to know new SSH port and display the info from the command "nmap localhost".

Thanks in advance,

SSCN

What do you have in the configuration file sshd_config regarding the Listen directive? If "sshd" is not listening on the address localhost, then your scan FROM localhost TO localhost with "nmap" won't find anything. Again, to use "nmap" correctly, you must run it from a second machine.

Even then, on a second machine, it is normal to tell "nmap" to do something by adding a few options.

Code:
nmap -A -T4 ssh.example.com
By the way, in addition to Emerson's link, there is this:
http://bsdly.blogspot.com/2013/02/th...igh-ports.html
 
10-12-2016, 07:53 AM   #10
sscn
LQ Newbie
 
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28

Original Poster
Rep: Reputation: 0
Good Suggestion

Quote:
Originally Posted by Emerson

Thanks for the sharing.

The reason why I need to change SSH port to a new one is to avoid attack on the server as we did see enormous connections to the server SSH port 22 when it was on line.

Our solution is to change the SSH port and bind the fixed IP for the server.

It seems that changing SSH port is not a good idea. Mask SSH port 22 or portknock is too complex.

I might need to study SSH public key authentication to enhance the secure access.

Thanks again.
 
10-12-2016, 07:54 AM   #11
sscn
LQ Newbie
 
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28

Original Poster
Rep: Reputation: 0

Quote:
Originally Posted by michaelk
The output of the following command will scan all ports from the computer.
nmap -p 1-65536 localhost

If you see "7890/tcp open unknown" then ssh is working on the new port. The reason it outputs unknown is because there isn't anything defined for 7890 in /etc/services. It is not necessary to be listed in /etc/services to work. If a firewall is running on that computer you will need to add a rule to allow port 7890 TCP to access it remotely.

The command
nmap -p 1-65535 localhost
does work but not for "nmap -p 1-65536 localhost".

Thanks,

SSCN
 
10-12-2016, 08:00 AM   #12
sscn
LQ Newbie
 
Registered: Jan 2006
Location: China
Distribution: Fedora
Posts: 28

Original Poster
Rep: Reputation: 0

Quote:
Originally Posted by michaelk
The output of the following command will scan all ports from the computer.
nmap -p 1-65536 localhost

If you see "7890/tcp open unknown" then ssh is working on the new port. The reason it outputs unknown is because there isn't anything defined for 7890 in /etc/services. It is not necessary to be listed in /etc/services to work. If a firewall is running on that computer you will need to add a rule to allow port 7890 TCP to access it remotely.

Do you know how to make /etc/services change valid after modification?

I did add new SSH port to the file but no luck even masked ssh port 22 lines.

Thanks,

SSCN
 
10-12-2016, 08:01 AM   #13
michaelk
Moderator
 
Registered: Aug 2002
Posts: 26,456

Rep: Reputation: 6215
Sorry that was a typo.
 
10-12-2016, 08:05 AM   #14
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,634
Blog Entries: 4

Rep: Reputation: 3905
Quote:
Originally Posted by sscn
The reason why I need to change SSH port to a new one is to avoid attack on the server as we did see enormous connections to the server SSH port 22 when it was on line.

There are also tools like sshguard and fail2ban which will adjust your iptables rules to block some sources of some attacks.
 
1 members found this post helpful.
10-12-2016, 08:31 AM   #15
michaelk
Moderator
 
Registered: Aug 2002
Posts: 26,456

Rep: Reputation: 6215
I'm having a bad morning... nmap has its own services file.

https://nmap.org/book/nmap-services.html
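
An added example, not part of the thread: a plain port scan names a port by looking its number up in a table, which is why sshd on 7890 shows as "unknown", whereas the identification string an SSH server sends on connect identifies it on any port. The services excerpt is constructed and the function names are illustrative.

```python
import re
import socket

# Constructed excerpt in the "name port/proto" layout shared by /etc/services
# and nmap-services; port 7890 is deliberately absent, as in the thread.
SAMPLE_SERVICES = """\
# name   port/proto
ssh      22/tcp
smtp     25/tcp
http     80/tcp
"""

def load_table(text):
    """Parse 'name port/proto' lines into {(port, proto): name}."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            if port.isdigit():
                table[(int(port), proto)] = fields[0]
    return table

def name_from_table(table, port, proto="tcp"):
    """What a plain port scan reports: a lookup keyed on the port number only."""
    if not 1 <= port <= 65535:  # 65536 does not fit the 16-bit port field
        raise ValueError(f"port {port} is outside 1-65535")
    return table.get((port, proto), "unknown")

# RFC 4253 section 4.2: the server opens with "SSH-protoversion-softwareversion".
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)")

def name_from_banner(banner):
    """Identify the service from the first bytes it sends, whatever the port."""
    m = SSH_ID.match(banner)
    return ("ssh", m.group(2).decode("ascii", "replace")) if m else ("unknown", "")

def read_banner(host, port, timeout=3.0):
    """Connect to your own server and return the first line it sends."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256).split(b"\n", 1)[0].strip()

if __name__ == "__main__":
    table = load_table(SAMPLE_SERVICES)
    print("table lookup :", name_from_table(table, 7890))
    try:
        print("banner check :", name_from_banner(read_banner("127.0.0.1", 7890)))
    except OSError as exc:
        print("banner check : no listener on 7890:", exc)
```

The "unknown" label therefore says nothing about whether sshd is working; the `-A` option shown earlier in the thread includes version detection, which identifies the service from what it sends.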
 
  


All times are GMT -5.