LinuxQuestions.org


AdultFoundry 10-28-2015 12:12 PM

Not able to change SSH port
 
I am using the latest release of CentOS 7 on ovh.com VPS. I am going over Basic CentOS setup website, and it advises to change the SSH port (like many other websites that I've been reading now).

It looks like I am not able to do it though, so I reversed everything to the original settings.

I was doing something like this:

Code:

vi /etc/ssh/sshd_config
#port 22 ---change to---> port 22000 (example number, 1025-65536 range)
#PermitRootLogin yes ---> PermitRootLogin no
#UseDNS yes ---> UseDNS no
AllowUsers username (add as last line)
Save and exit

After I did that I was getting something like this after running the journalctl -xn command

Code:

error: Bind to port 2750 on 0.0.0.0 failed: Permission denied.
error: Bind to port 2750 on :: failed: Permission denied.
Fatal: Cannot bind any address       
Sshd.service: main process exited, code=exited, status=255/n/a
Unit sshd.service entered failed state.
Unit sshd.service cannot be reloaded because it is inactive.

I've seen some posts about it on the Internet, but I was not able to find a precise answer, especially one based on CentOS 7, which I have.

###

In general, I am at the default settings now, and what is advised in this article is good. When I make the changes, sshd stops and does not work. It is working currently, but with root login on port 22.

How would I get this done?

suicidaleggroll 10-28-2015 12:18 PM

What happens if you just uncomment the PermitRootLogin line and change it to no, eg:
Code:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

etc, and then run "service sshd restart"?

Changing the ssh port should be very straightforward, I do it all the time, CentOS 7 included. You can have multiple ports as well, just add new lines, eg:
Code:

Port 22
Port 22000
Port 9082

etc.

Emerson 10-28-2015 12:21 PM

And this ...

AdultFoundry 10-28-2015 12:35 PM

Quote:

Originally Posted by suicidaleggroll (Post 5441484)
What happens if you just uncomment the PermitRootLogin line and change it to no, eg:
Code:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

etc, and then run "service sshd restart"?

I am logged in now. If I disable the root login and then restart the sshd.service, will it not kick me out of the server, or something like this? :)

Emerson 10-28-2015 12:37 PM

You could use reload instead of restart. However, if you are logged in as root it may kick you out after the new setting takes effect.

suicidaleggroll 10-28-2015 12:46 PM

Quote:

Originally Posted by AdultFoundry (Post 5441492)
I am logged in now. If I disable the root login and then restart the sshd.service, will it not kick me out of the server, or something like this? :)

No it won't, I do it all the time. Though as Emerson said, I'm not sure if the new setting would kick off an existing root ssh session since the new rule explicitly forbids it, though I doubt it. You do have another user, yes? I assume so since you already tried to shut off root SSH login earlier.

AdultFoundry 10-28-2015 12:49 PM

I will try this now. Thanks for your answers so far. If anybody needs info about xxx websites niche, I can let you know some things over email or Skype.

AdultFoundry 10-28-2015 01:01 PM

Quote:

Originally Posted by suicidaleggroll (Post 5441484)
What happens if you just uncomment the PermitRootLogin line and change it to no, eg:
Code:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

etc, and then run "service sshd restart"?

Code:

vi /etc/ssh/sshd_config
--> changed to PermitRootLogin no
systemctl reload sshd.service
systemctl status sshd.service

It is running, and it looks like everything is ok.

AdultFoundry 10-28-2015 01:05 PM

Quote:

Originally Posted by Emerson (Post 5441487)
And this ...

Simple question here - For key based authentication (something like an RSA key pair from puttygen) changing SSH port is 100% ok?

suicidaleggroll 10-28-2015 01:18 PM

Quote:

Originally Posted by AdultFoundry (Post 5441510)
Code:

vi /etc/ssh/sshd_config
--> changed to PermitRootLogin no
systemctl reload sshd.service
systemctl status sshd.service

It is running, and it looks like everything is ok.

That's good, now how about adding a second listening port in addition to 22?
Just uncomment the "#Port 22" line, and add a second one below it with your desired port, then restart sshd again?

When that's done you should be able to connect on either port, though you may need to play with firewall and SELinux rules. Once you verify the new port is working as expected, you can remove the "Port 22" line and restart again to limit your connections to just the new port, assuming you still want to after reading the article Emerson linked to.

AdultFoundry 10-28-2015 01:22 PM

Thanks for the info. I will leave it as is, and I will come back to it later on.

Doug G 10-28-2015 06:44 PM

You probably need to tell SELinux that it's ok for sshd to use an alternate port. The default CentOS 7 has SELinux enabled. You can allow an alternate port with this command.

Quote:

semanage port -a -t ssh_port_t -p tcp 2750
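
A preflight check for the "Bind to port ... Permission denied" failure discussed in this thread, as an added example that is not part of any post: it compares the active Port lines in an sshd_config with the ports SELinux labels ssh_port_t and prints the ones sshd would be refused. The function names, the sample config and the sample `semanage port -l` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sshd_config ports that SELinux will not let sshd bind.

# Ports from active "Port N" lines; sshd listens on 22 when none is set.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# TCP ports (or lo-hi ranges) labelled ssh_port_t in `semanage port -l` output.
labelled_ssh_ports() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
             for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); print $i }
         }' "$1"
}

# Print each configured port that has no ssh_port_t label.
# $1 = sshd_config path, $2 = file holding `semanage port -l` output.
unlabelled_ports() {
    labelled=$(labelled_ssh_ports "$2")
    for p in $(sshd_ports "$1"); do
        ok=no
        for l in $labelled; do
            case $l in
                *-*) [ "$p" -ge "${l%-*}" ] && [ "$p" -le "${l#*-}" ] && ok=yes ;;
                *)   [ "$p" -eq "$l" ] && ok=yes ;;
            esac
        done
        [ "$ok" = yes ] || echo "$p"
    done
}

# Constructed sample input (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 22' 'Port 2750' 'PermitRootLogin no' \
    > "$SAMPLE_DIR/sshd_config"
printf '%s\n' 'ssh_port_t                     tcp      22' \
    > "$SAMPLE_DIR/ports_before.txt"
printf '%s\n' 'ssh_port_t                     tcp      2750, 22' \
    > "$SAMPLE_DIR/ports_after.txt"

for f in ports_before.txt ports_after.txt; do
    echo "$f: unlabelled = [$(unlabelled_ports "$SAMPLE_DIR/sshd_config" "$SAMPLE_DIR/$f")]"
done
```

On a real host, save the output of `semanage port -l` to a file and pass it with /etc/ssh/sshd_config; every port the function prints needs the semanage command above before sshd is reloaded.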


All times are GMT -5.