
Can't change SSH port???

Discussion in 'General Discussion' started by GrAfiX, Mar 10, 2006.

  1. GrAfiX

    GrAfiX Member

    Joined:
    Oct 20, 2002
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    0
    I was going through securing a brand new server with a fresh install of CentOS 4 and for some reason I cannot change my SSH port or it will fail. Only thing to get SSH back is to run the safesshrestart script from WHM.

    Currently there is no firewall installed. I was going down the list from the How to secure your server post, so really not much has changed on this server minus the Tweak security and updating software on the server.

    I even copied the sshd_config from another server exactly and still when I try to restart SSH through WHM it fails.

    This is my first install of CentOS that I have set up; maybe there is something I don't know about it that is causing the issue.

    Any ideas?
     
  2. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    The restart fails or SSH itself fails? Try flushing iptables?
     
  3. GrAfiX

    GrAfiX Member

    The restart fails so in turn SSH fails. :D

    I'll give that a try, Thanks!
     
  4. xidica

    xidica Well-Known Member

    Joined:
    Apr 21, 2005
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Texas
    Copying an sshd_config from another server doesn't sound like the best idea. Why didn't you simply change the "Port" directive in the /etc/ssh/sshd_config file and perform a /etc/init.d/sshd restart?
     
  5. GrAfiX

    GrAfiX Member

    Because that didn't work, as stated in my first post. Also, what's wrong with moving the config of the same version of SSH? I did that after all else failed, so I really had nothing to lose, since I did what you just said like 10 times over, each time failing no matter what port I changed it to. Also, they were identical except for the port changes and root perms.
     
  6. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    I too recently tried to change the SSH port on a new server and, try as I might, it just wouldn't work.

    I could change the port number correctly in sshd_config and could restart sshd fine but could never login on the newly chosen port.

    As it turns out only a selection of commonly used ports were open on the router at the data centre. Perhaps you have something similar going on.
     
  7. GrAfiX

    GrAfiX Member

    I had thought this same thing. However, when I have to use the command to recover SSH it usually ends up setting up on port 23. So I tried to use port 23 since that worked and was able to log in via PuTTY, and still SSH fails to start.

    :confused: :confused: :confused: :confused:

    I've done this lots of times on lots of servers and I've never had this issue.
     
  8. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Are you sure that the RH lokkit firewall isn't installed? It often is on a new OS install. Just a thought to make sure that the following is indeed empty:

    iptables -L -n

    One thing to check is to have SSH running on port 22. Change the SSH port and stay logged in. Restart SSH and stay logged in. Then run:

    netstat -lpn

    and check that sshd is bound to both port 22 (your session) and also the new port that the new daemon is now running on. If it is bound to the new port, then it's going to either be iptables or something external to the server.
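
The listener check described in the post above, as an added example that is not part of the original thread: it reads the Port directives from an sshd_config and confirms that sshd is listening on each of them in saved `netstat -lpn` output. The function names are hypothetical and the sample config and netstat lines are constructed.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, sample data is constructed.

# Ports set by uncommented Port directives in an sshd_config (22 if none).
configured_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# TCP ports that a process named sshd is listening on, from `netstat -lpn`.
sshd_listen_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/sshd:?$/ {
             n = split($4, a, ":"); print a[n] }' "$1" | sort -nu
}

# Report each configured port; non-zero status if sshd is missing from any.
check_sshd_ports() {   # usage: check_sshd_ports SSHD_CONFIG NETSTAT_OUTPUT
    local rc=0 port listening
    listening=$(sshd_listen_ports "$2")
    for port in $(configured_ports "$1"); do
        if printf '%s\n' "$listening" | grep -qx "$port"; then
            echo "port $port: sshd is listening; look at iptables or upstream filtering"
        else
            echo "port $port: sshd is NOT listening; the daemon did not bind to it"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: config asks for 2222, but sshd is still only on 22.
write_samples() {   # usage: write_samples DIR
    printf '%s\n' '#Port 22' 'Port 2222' 'Protocol 2' > "$1/sshd_config"
    cat > "$1/netstat.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN   2101/sshd
tcp        0      0 0.0.0.0:3306    0.0.0.0:*         LISTEN   1987/mysqld
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_sshd_ports "$tmp/sshd_config" "$tmp/netstat.txt" || true
rm -rf "$tmp"
```

On a live server, save `netstat -lpn` to a file from the session that is still logged in and pass it with `/etc/ssh/sshd_config`.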
     