GrAfiX

Member
Oct 20, 2002
I was going through securing a brand new server with a fresh install of CentOS 4 and for some reason I cannot change my SSH port or it will fail. Only thing to get SSH back is to run the safesshrestart script from WHM.

Currently there is no firewall installed, I was going down the list from the How to secure your server post so really not much has changed on this server minus the Tweak security and updating software on the server.

I even copied the sshd_config from another server exactly and still when I try to restart SSH through WHM it fails.

This is my first install of CentOS that I have set up; maybe there is something I don't know about it that is causing the issue.

Any ideas?
 

xidica

Well-Known Member
Apr 21, 2005
Texas
Copying an sshd_config from another server doesn't sound like the best idea. Why didn't you simply change the "Port" directive in the /etc/ssh/sshd_config file and perform a /etc/init.d/sshd restart ?
 

GrAfiX

Member
Oct 20, 2002
xidica said:
Copying an sshd_config from another server doesn't sound like the best idea. Why didn't you simply change the "Port" directive in the /etc/ssh/sshd_config file and perform a /etc/init.d/sshd restart ?

Because that didn't work, as stated in my first post. Also, what's wrong with moving the config of the same version of SSH? I did that after all else failed, so I really had nothing to lose since I did what you just said like 10 times over, each time failing no matter what port I changed it to. Also, they were identical except for the port changes and root perms.
 

webignition

Well-Known Member
Jan 22, 2005
I too recently tried to change the SSH port on a new server and, try as I might, it just wouldn't work.

I could change the port number correctly in sshd_config and could restart sshd fine but could never login on the newly chosen port.

As it turns out only a selection of commonly used ports were open on the router at the data centre. Perhaps you have something similar going on.
 

GrAfiX

Member
Oct 20, 2002
webignition said:
I too recently tried to change the SSH port on a new server and, try as I might, it just wouldn't work.

I could change the port number correctly in sshd_config and could restart sshd fine but could never login on the newly chosen port.

As it turns out only a selection of commonly used ports were open on the router at the data centre. Perhaps you have something similar going on.

I had thought this same thing. However, when I have to use the command to recover SSH it usually ends up setting up on port 23. So I tried to use port 23 since that worked and was able to log in via PuTTY, and still SSH fails to start.

:confused: :confused: :confused: :confused:

I've done this lots of times on lots of servers and I've never had this issue.
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
Go on, have a guess
Are you sure that the RH lokkit firewall isn't installed - it often is on a new OS install. Just a thought to make sure that the following is indeed empty:

iptables -L -n

One thing to check is to have SSH running on port 22. Change the SSH port and stay logged in. Restart SSH and stay logged in. Then run:

netstat -lpn

and check that sshd is bound to both port 22 (your session) and also the new port that the new daemon is now running on. If it is bound to the new port, then it's going to either be iptables or something external to the server.
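The netstat check from the post above can be scripted so it gives a yes/no answer per port. This is an added example, not part of the original thread; the function names, port 2222 and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse `netstat -lpn` output and report which TCP ports
# sshd is actually listening on after a restart.
# SAMPLE_NETSTAT is constructed output, not taken from the poster's server.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2011/mysqld
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1733/exim
tcp        0      0 :::2222                     :::*                        LISTEN      2950/sshd
udp        0      0 0.0.0.0:53                  0.0.0.0:*                               1500/named'

# Print the TCP ports sshd listens on, one per line, sorted numerically.
# Reads `netstat -lpn` output on stdin.
sshd_listen_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/sshd/ {
             # The port is the last colon-separated piece of the local
             # address, which also handles IPv6-style entries like :::2222.
             n = split($4, parts, ":")
             print parts[n]
         }' | sort -n | uniq
}

# Report whether sshd is bound to one specific port.
# usage: netstat -lpn | check_port PORT
# Prints "bound" or "not-bound".
check_port() {
    if sshd_listen_ports | grep -qx "$1"; then
        echo "bound"
    else
        echo "not-bound"
    fi
}

# Interpretation, following the post above:
#   bound      -> the daemon picked up the new Port; look at iptables
#                 (iptables -L -n) or filtering outside the server.
#   not-bound  -> sshd did not start on that port; the problem is on the
#                 server itself (config or restart), not the network.

# Demo on the constructed sample when run directly:
#   printf '%s\n' "$SAMPLE_NETSTAT" | check_port 2222
```

On a live server, run it as root from the session you kept open, so that `netstat -p` can show the program name for each listener.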