Unable to change SSH port

Discussion in 'Security' started by RicardoFC, Oct 23, 2017.

  1. RicardoFC

    RicardoFC Member

    Hi everyone,

    After reading How to Secure SSH, I proceeded to change the SSH port. As this is not the first time I have done this, it was easy: I followed all the steps, opened the port in my firewall, restarted the firewall, then modified the sshd_config file with the new port and restarted ssh. It didn't work. I tried again and checked whether everything was OK; it was.

    Then I ran myhostname.tld/scripts2/doautofixer?autofix=safesshrestart, and when I checked my ssh_config it wasn't even modified; it had the change I made (I only changed the port number).

    Of course, I can log in with 22 but not with the new port.

    What is happening?
     
  2. netluxe

    netluxe Registered

    Is there any reason in particular why you're looking to change the port? I can think of a number of different methods to properly secure your server's SSH functionality without having to change the port if you are having issues doing that.

    To start with, you should absolutely be at a minimum using an SSH key to log in & having the SSH password authentication option DISABLED within WHM. I would supplement that with the additional steps of creating an additional user account in SSH, adding it to the wheel group and configuring it to use your key. Then disable the root account and use your other user account instead. Additionally, I would use host access control rules to deny all connections outside of specific whitelisted IP addresses. If you do not have a static IP address on your usual internet connection, a cheap workaround for this that I prefer to use myself, as it has never failed me, is to set up a super cheap (I pay less than $4 USD a month) VPS with a unique static IP address, which you can get on any number of providers' sites. SSH into that VPS from your local machine, then use it to securely tunnel into your cPanel/WHM box and limit the access to be the VPS' static IP on the whitelist.

    This will secure your setup if you are having issues with the port. Realistically, with a port scanner it wouldn't be hard to discover whatever services were open and advertising on your machine so most of these automated attacks that we often see on our boxes coming from places like China non-stop might drop off, but they won't totally go away. Since those mass 'attacks' tend to happen anyway regardless of precautions taken, and as a result are not really very successful in reaching their aims, your use of some super basic protective measures like the ones I outlined above will effectively make your setup safe -- and importantly, at the same time, won't have an effect on your machine's operation or compatibility with some scripts or external operations that may rely on SSH running on the default port. Hard to say what the issue is exactly without knowing more details like what OS you are running.
     
  3. fuzzylogic

    fuzzylogic Well-Known Member

    I would give a high probability that the problem is due to unfamiliarity with command-line text editing tools.
    When I first used vi I had many wtf moments, especially when trying to save (or write).
    You do not mention which text editor you used, or what you did to save/write.
    I suggest you find some tutorials on this then practice on your ssh command line interface.
    Create a file, add text, edit it, (save/write it), close it, open it and read the edited file.
    When you feel competent, revisit editing /etc/ssh/sshd_config.
     
  4. RicardoFC

    RicardoFC Member

    For my needs I need to do what I said; I have other servers with what you said.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    You can run the following command to verify the sshd service is running on the new port:

    Code:
    netstat -lnp | grep sshd
    Do you see the correct port when running this command?

    Thank you.
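
The check suggested in the post above, taken one step further as an added example that is not part of any forum post: it compares the `Port` directives in `sshd_config` with the ports sshd is actually listening on, which separates "config never changed" from "config changed but daemon not restarted". The function names and the sample input are constructed for illustration; it assumes the net-tools `netstat -lnp` column layout and looks only at `Port` lines (not `ListenAddress host:port`).

```shell
#!/bin/sh
# Added example (not from the thread): compare sshd_config Port directives
# with the ports sshd is really listening on, using `netstat -lnp` output.

# Print the Port values found in sshd_config text on stdin (22 if none set).
config_ports() {
    awk '{ sub(/#.*/, "") }                      # strip comments
         tolower($1) == "port" && $2 != "" { print $2; found = 1 }
         END { if (!found) print 22 }' | sort -un
}

# Print the TCP ports on which a process named sshd is in LISTEN state.
listening_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/sshd/ {
             n = split($4, a, ":"); print a[n]   # port follows the last colon
         }' | sort -un
}

# $1 = configured ports, $2 = listening ports; returns 1 on any mismatch.
compare_ports() {
    rc=0
    for p in $1; do
        printf '%s\n' "$2" | grep -qxF "$p" ||
            { echo "port $p: in sshd_config, but sshd is not listening on it"; rc=1; }
    done
    for p in $2; do
        printf '%s\n' "$1" | grep -qxF "$p" ||
            { echo "port $p: sshd is listening, but it is not in sshd_config"; rc=1; }
    done
    return $rc
}

# Constructed sample input: config edited to 2222, daemon still on 22.
sample_config() { printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no'; }
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*        LISTEN  1180/sshd
tcp        0      0 127.0.0.1:3306  0.0.0.0:*        LISTEN  1302/mysqld
tcp6       0      0 :::22           :::*             LISTEN  1180/sshd
EOF
}

compare_ports "$(sample_config | config_ports)" "$(sample_netstat | listening_ports)" ||
    echo "mismatch: restart sshd or check which file was edited"
# On a server: compare_ports "$(config_ports </etc/ssh/sshd_config)" "$(netstat -lnp | listening_ports)"
```

A mismatch in both directions at once (new port configured, old port still listening) points at a daemon that has not re-read its configuration or at an edit made to a different file than the one sshd loads.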
     