1.ok,stop selinux, stop iptables
#/etc/init.d/iptables stop

2.change sshd port and restart
in /etc/ssh/sshd_config:
Port 5050

3.check the port working
#netstat -ntlp | grep :5050

4.login on server localhost
#ssh -vv -p 5050 localhost
it works.

but, on pc client

ssh -vv -p 5050 [server_name]
....

debug1: Connecting to zhuanfa [223.*.*.*] port 5050.
[stop here, no more output]

but -vv -p 22 [server_name] is ok.

So, let me get this right - it still connects on port 22?

Can you try changing IPtables, rather than just stopping it - so it uses 5050 instead?

Check Should be empty. Did you connect this client PC through router? Maybe it has firewall or port forwarding.

yes, i had try to changing iptabels.
i had set sshd to listen on port 22, or 5050, or both.

but it doesn't work.
so i stop iptables, disable selinux

server side's sshd listen on port 22 before.
so i can login to server and change the default port to 5050.

i try to login with anthor client, using the new port 5050.
but connection time out.

i had try to change iptables, selinux, but it doestn't work.

It is not either-or, you can make sshd listen on two ports.
What you cannot do is make a dynamic change, you have to bounce or refresh sshd to have it pick up configuration changes. Did you?

i login to server with port 22.
and then change /etc/ssh/sshd_config ,set Port to 5050
and /etc/init.d/sshd restart

Don't need to. Just 'semanage port -a -t ssh_port_t -p tcp 5050' to add port TCP/5050.


Don't need to. Just 'iptables -A INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'.


BTW you didn't post actual output of 'ssh -v -v -v servername -p 5050' nor answer wpeckham's question abotu restarting sshd...

thanks.
i had try what you said. but it doestn't work. so i stop them rudely.
i had restart sshd.

and the output of ssh -vv servername -p 5050 is:
OpenSSH_5.5p1, OpenSSL 1.0.0e-fips 6 Sep 2011
debug1: Reading configuration data /home/tgf6/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to zhuanfa [223.*.*.*] port 5050.


and i found out that if the server listen on not well-known port like 8080,5000
the client cannot connect to .
so is it the iptables problem?

Likely well-meant but unfortunately "doesn't work" doesn't contain the kind of technical details I can do anything with.


Don't know. Could do with more nfo to start with.
On the client run:
- connectivity: 'hping2 -n -V -I eth0 --scan 22,5050 -S servername'
- firewall: 'for TABLE in $(</proc/net/ip_tables_names); do /sbin/iptables -t $TABLE -n -L; done;'.
Now on the server run:
- just to make sure: 'service sshd restart'
- 'for TABLE in $(</proc/net/ip_tables_names); do /sbin/iptables -t $TABLE -n -L; done;'
- ports opened by SSH daemon: 'lsof -Pwlnp `pgrep sshd` -a -i;'
- tcp_wrappers: 'grep -v ^# /etc/hosts.*|grep .;'
- 'grep -v ^# /etc/ssh/sshd_config|grep .;'
- enabled?: 'selinuxenabled; echo $?;'
- port assignments?: 'seinfo -p|grep ssh;'.