Unable to change SSH port

RicardoFC

Member
Oct 21, 2017
Spain
cPanel Access Level
Root Administrator
Hi everyone,

After reading How to Secure SSH, I proceeded to change the SSH port. As this is not the first time I have done this, it was easy: I followed all the steps, opened the port in my firewall, restarted the firewall, then modified the sshd_config file with the new port and restarted ssh. It didn't work. I tried again and checked if everything was OK; it was.

Then I ran myhostname.tld/scripts2/doautofixer?autofix=safesshrestart, and when I checked my ssh_config it wasn't even modified; it had the change I made (I only changed the port number).

Of course, I can log in with 22 but not with the new port.

What is happening?
 

netluxe

Registered
Nov 7, 2014
cPanel Access Level
Root Administrator
Is there any reason in particular why you're looking to change the port? I can think of a number of different methods to properly secure your server's SSH functionality without having to change the port if you are having issues doing that.

To start with, you should absolutely be at a minimum using an SSH key to log in & having the ssh password authentication option DISABLED within WHM. I would supplement that with the additional steps of creating an additional user account in SSH, adding it to the wheel group and configuring it to use your key. Then disable the root account and use your other user account instead. Additionally, I would use host access control rules to deny all connections outside of specific whitelisted IP addresses. If you do not have a static IP address on your usual internet connection a cheap workaround for this that I prefer to use myself as it has never failed me, is to set up a super cheap (I pay less than $4 USD a month) VPS with a unique static IP address you can get on any number of providers' sites. SSH into that VPS from your local machine, then use it to securely tunnel into your cPanel/WHM box and limit the access to be the VPS' static IP on the whitelist.

This will secure your setup if you are having issues with the port. Realistically, with a port scanner it wouldn't be hard to discover whatever services were open and advertising on your machine so most of these automated attacks that we often see on our boxes coming from places like China non-stop might drop off, but they won't totally go away. Since those mass 'attacks' tend to happen anyway regardless of precautions taken, and as a result are not really very successful in reaching their aims, your use of some super basic protective measures like the ones I outlined above will effectively make your setup safe -- and importantly, at the same time, won't have an effect on your machine's operation or compatibility with some scripts or external operations that may rely on SSH running on the default port. Hard to say what the issue is exactly without knowing more details like what OS you are running.
 

fuzzylogic

Well-Known Member
Nov 8, 2014
cPanel Access Level
Root Administrator
I would give a high probability that the problem is due to unfamiliarity with command line text editing tools.
When I first used vi I had many wtf moments, especially when trying to save (or write).
You do not mention which text editor you used, or what you did to save/write.
I suggest you find some tutorials on this then practice on your ssh command line interface.
Create a file, add text, edit it, (save/write it), close it, open it and read the edited file.
When you feel competent, revisit editing /etc/ssh/sshd_config.
 

RicardoFC

Member
Oct 21, 2017
Spain
cPanel Access Level
Root Administrator
fuzzylogic said:
> I would give a high probability that the problem is due to unfamiliarity with command line text editing tools.
> When I first used vi I had many wtf moments, especially when trying to save (or write).
> You do not mention which text editor you used, or what you did to save/write.
> I suggest you find some tutorials on this then practice on your ssh command line interface.
> Create a file, add text, edit it, (save/write it), close it, open it and read the edited file.
> When you feel competent, revisit editing /etc/ssh/sshd_config.

For my needs I need to do what I said; I have other servers with what you said.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
RicardoFC said:
> After reading How to Secure SSH, I proceeded to change the SSH port. As this is not the first time I have done this, it was easy: I followed all the steps, opened the port in my firewall, restarted the firewall, then modified the sshd_config file with the new port and restarted ssh. It didn't work. I tried again and checked if everything was OK; it was.

Hello,

You can run the following command to verify the sshd service is running on the new port:

Code:
netstat -lnp | grep sshd
Do you see the correct port when running this command?

Thank you.
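
Added example, not part of any post in this thread: a shell check that compares the `Port` directives in an sshd_config with the ports sshd is actually listening on in `netstat -lnp` output, which is the mismatch described in the first post. The function names and both sample inputs are constructed for illustration, and the parser assumes plain `Port <n>` lines in a single file (it does not follow `Include` files or read ports given in `ListenAddress`).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the ports set by Port directives in sshd_config text read from stdin.
# Keywords are case-insensitive; commented-out lines such as "#Port 22" are
# ignored. With no Port directive at all, sshd falls back to 22.
configured_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' | sort -nu
}

# Print the ports sshd is listening on, from `netstat -lnp` output on stdin.
# Column 4 is the local address; the port follows the last colon, which also
# covers IPv6 entries such as ":::22".
listening_ports() {
    awk '$6 == "LISTEN" && /\/sshd/ { n = split($4, a, ":"); print a[n] }' |
        sort -nu
}

# Print every configured port that sshd is NOT listening on.
# $1 = sshd_config text, $2 = netstat -lnp text.
ports_not_listening() {
    want=$(printf '%s\n' "$1" | configured_ports)
    have=$(printf '%s\n' "$2" | listening_ports)
    for p in $want; do
        printf '%s\n' "$have" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample: the file was edited to 2222 but the running daemon
# still answers on 22 only.
SAMPLE_CONFIG='# constructed sample sshd_config
#Port 22
Port 2222
PasswordAuthentication no'

SAMPLE_NETSTAT='tcp   0  0 0.0.0.0:22   0.0.0.0:*   LISTEN   1234/sshd
tcp6  0  0 :::22        :::*        LISTEN   1234/sshd'

echo "configured but not listening:"
ports_not_listening "$SAMPLE_CONFIG" "$SAMPLE_NETSTAT"
```

On a live server, run it as root with `ports_not_listening "$(cat /etc/ssh/sshd_config)" "$(netstat -lnp)"`; any port it prints is in the file but not bound by the running daemon.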