I am using the latest release of CentOS 7 on ovh.com VPS. I am going over Basic CentOS setup website, and it advises to change the SSH port (like many other websites that I've been reading now).
It looks like I am not able to do it though, so I reversed everything to the original settings.
I was doing something like this:
Code:
vi /etc/ssh/sshd_config
#port 22 ---change to---> port 22000 (example number, 1025-65536 range)
#PermitRootLogin yes ---> PermitRootLogin no
#UseDNS yes ---> UseDNS no
AllowUsers username (add as last line)
Save and exit
After I did that, I was getting something like this after running the journalctl -xn command:
Code:
error: Bind to port 2750 on 0.0.0.0 failed: Permission denied.
error: Bind to port 2750 on :: failed: Permission denied.
Fatal: Cannot bind any address
Sshd.service: main process exited, code=exited, status=255/n/a
Unit sshd.service entered failed state.
Unit sshd.service cannot be reloaded because it is inactive.
I've seen some posts about it on the Internet, but I was not able to find a precise answer, especially one based on CentOS 7, which is what I have.
###
In general, I am at the default settings now, and what is advised in this article is good. When I make the changes, sshd stops and it does not work. It is working currently, but it is root login at port 22.
What happens if you just uncomment the PermitRootLogin line and change it to no, eg:
Code:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
etc, and then run "service sshd restart"?
Changing the ssh port should be very straightforward, I do it all the time, CentOS 7 included. You can have multiple ports as well, just add new lines, eg:
I am logged in now. If I disable the root login and then restart the sshd.service, will it not kick me out of the server, or something like this?
No it won't, I do it all the time. Though as Emerson said, I'm not sure if the new setting would kick off an existing root ssh session since the new rule explicitly forbids it, though I doubt it. You do have another user, yes? I assume so since you already tried to shut off root SSH login earlier.
I will try this now. Thanks for your answers so far. If anybody needs info about xxx websites niche, I can let you know some things over email or Skype.
vi /etc/ssh/sshd_config
--> changed to PermitRootLogin no
systemctl reload sshd.service
systemctl status sshd.service
It is running, and it looks like everything is ok.
That's good, now how about adding a second listening port in addition to 22?
Just uncomment the "#Port 22" line, and add a second one below it with your desired port, then restart sshd again?
When that's done you should be able to connect on either port, though you may need to play with firewall and SELinux rules. Once you verify the new port is working as expected, you can remove the "Port 22" line and restart again to limit your connections to just the new port, assuming you still want to after reading the article Emerson linked to.
You probably need to tell SELinux that it's ok for sshd to use an alternate port. The default CentOS 7 has SELinux enabled. You can allow an alternate port with this command.
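The "Bind to port 2750 ... Permission denied" failure from earlier in the thread can be caught before sshd is restarted. The following is an added example, not part of any post in the thread: it compares the Port lines of an sshd_config against the ports SELinux labels `ssh_port_t` and prints the `semanage` command for each unlabelled port. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check before restarting sshd on a non-default port (added example).
# The functions only parse text, so they run on sample input without root.

# Print each port named by an active Port directive in sshd_config text (stdin).
# With no active Port line, sshd listens on 22.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }'
}

# Print the tcp ports labelled ssh_port_t, given `semanage port -l` output (stdin).
# Handles comma-separated lists and ranges such as 2200-2210.
ssh_port_t_ports() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                if (split(p, r, "-") == 2) {
                    for (j = r[1] + 0; j <= r[2] + 0; j++) print j
                } else print p
            }
         }'
}

# Args: $1 = sshd_config text, $2 = `semanage port -l` text.
# Prints one semanage command per configured port that lacks the label.
missing_label_cmds() {
    allowed=$(printf '%s\n' "$2" | ssh_port_t_ports)
    printf '%s\n' "$1" | sshd_ports | while read -r port; do
        printf '%s\n' "$allowed" | grep -qx "$port" ||
            echo "semanage port -a -t ssh_port_t -p tcp $port"
    done
}

# Constructed sample input (not taken from the poster's server).
SAMPLE_CONFIG='#Port 22
Port 22
Port 2750
PermitRootLogin no'
SAMPLE_SEMANAGE='smtp_port_t                    tcp      25, 465, 587
ssh_port_t                     tcp      22'

missing_label_cmds "$SAMPLE_CONFIG" "$SAMPLE_SEMANAGE"
```

On a real host, pass the contents of /etc/ssh/sshd_config and the output of `semanage port -l` instead of the samples. Then validate the file with `sshd -t`, open the new port in the firewall, and keep the existing session open until a login on the new port succeeds.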