Ask Your Question
0

How do I change Fedora 25 SSH port?

asked 2017-04-25 09:19:13 -0500

spaceman gravatar image

Steps already tried:

1) In /etc/ssh/ssh_config I have uncommented the line consisting of # Port 22 and change 22 to a a random one, e.g.: 50687. Additionally I uncommented the # Host * line.

2) I tried creating a new line consisting of:

Port 50687

at the bottom of the file.

3) /etc/ssh/ssh_config has the note:

# To modify the system-wide ssh configuration, create a  *.conf  file under
#  /etc/ssh/ssh_config.d/  which will be automatically included below
Include /etc/ssh/ssh_config.d/*.conf

The only file in .../ssh_config.d/ is 05-redhat.conf

Again I tried uncommenting (and modifying) the # Host 22* line and creating a new line at the bottom of the.

4) I created a file 06-myfile.conf conisisting only of either:

Port 50687

or

Host *
Port 50687

After completing any of these steps I have issued:

sudo systemctl restart sshd.service

and tried to connect (via port 50687) and/or:

sudo systemctl status sshd.service
[sudo] password for spaceman: 
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2017-04-25 14:47:15 BST; 23min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 5967 (sshd)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/sshd.service
           └─5967 /usr/sbin/sshd -D

Apr 25 14:47:15 nas systemd[1]: Starting OpenSSH server daemon...
Apr 25 14:47:15 nas sshd[5967]: Server listening on 0.0.0.0 port 22.
Apr 25 14:47:15 nas sshd[5967]: Server listening on :: port 22.
Apr 25 14:47:15 nas systemd[1]: Started OpenSSH server daemon.

What utterly n00bish error am I making?

edit retag flag offensive close merge delete

Comments

You systemctl status ... was 23 minutes old. Are you sure your sshd service restarted successfully?

Check this piece of documentation in regards to SELinux and ports.

Verify settings with: semanage port -l | grep ssh

florian gravatar imageflorian ( 2017-04-25 10:30:00 -0500 )edit

nmap localhost
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00090s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 989 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
3306/tcp open mysql
8200/tcp open trivnet1
9090/tcp open zeus-admin
10000/tcp open snet-sensor-mgmt

spaceman gravatar imagespaceman ( 2017-04-25 11:23:16 -0500 )edit

So, have you tried to modify the port context, and then reloaded the service?

florian gravatar imageflorian ( 2017-04-25 14:22:18 -0500 )edit

Sorry, one of my answers has gone walkabout. SELinux is not enabled and I have firewalld disabled too at this point. I'm not sure what changing the port content means? The 23 mins delay in outputting the status of sshd.service is merely the output I copied for the post, the first one I issue seconds after the restart (reload next time).

spaceman gravatar imagespaceman ( 2017-04-25 16:22:58 -0500 )edit
1

In which config file did you modify the port ? You mentioned /etc/ssh/ssh_config (so the client) and you restarted the server. As pointed by Florian, you should edit /etc/ssh/sshd_config.

yolo gravatar imageyolo ( 2017-04-26 16:42:59 -0500 )edit

2 Answers

Sort by » oldest newest most voted
2

answered 2017-04-26 18:36:15 -0500

zomegagon gravatar image

updated 2017-04-26 18:54:44 -0500

You are modifying the wrong file.

  • /etc/ssh/ssh_config modifies behavior of the ssh client.

  • /etc/ssh/sshd_config modifies behaviour of the sshd daemon.

8.2. Configuring OpenSSH - Fedora System Administrator's Guide

EDIT: Some other SSH articles you may want to checkout

edit flag offensive delete link more

Comments

Simple solution:

  • /etc/ssh/sshd_config modifies behaviour of the sshd daemon.

Many thanks for coming to my assistance, great resources linked too.

spaceman gravatar imagespaceman ( 2017-04-27 16:27:29 -0500 )edit
3

answered 2017-04-25 10:27:04 -0500

florian gravatar image

updated 2017-04-25 10:28:09 -0500

Not sure, what wrong here, just some thoughts.

  • systemctl reload sshd.service reloads the configuration - no need to restart the service.

  • Changing the port in /etc/ssh/sshd_config is sufficient.

  • How does the output of nmap localhost looks like?

  • Moreover, but that is not related to the simple fact that ssh should listen on port 50687, you need to tell you firewall to let packets through and tell SELinux not to block the activity: semanage port -a -t ssh_port_t -p tcp 50687

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-04-25 09:19:13 -0500

Seen: 1,416 times

Last updated: Apr 26 '17