
Can someone please give a hint as to what else may be wrong? System: AlmaLinux 9, located on a VPS. I wanted to change the port of SSHD to 60022, but when I try to connect to it, it does not respond at all: "Network error: connection timeout". Thanks.

Added a separate line to sshd_config:

Port 60022  
Port 22

ss -lntp | grep ssh
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=933,fd=3))
LISTEN 0      128          0.0.0.0:60022      0.0.0.0:*    users:(("sshd",pid=933,fd=5))
LISTEN 0      128             [::]:22            [::]:*    users:(("sshd",pid=933,fd=4))
LISTEN 0      128             [::]:60022         [::]:*    users:(("sshd",pid=933,fd=6))



semanage port -a -t ssh_port_t -p tcp 60022
SELinux is in permissive mode atm.


semanage port -l | grep ssh
ssh_port_t                     tcp      60022, 22

Added: firewall-cmd --zone=public --permanent --add-port=60022/tcp

firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 60022/tcp 22/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:

Tried to remove the ssh service from the firewall, but it did not help.

fail2ban listens to both ports and is not a problem.

iptables -L -n -v

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4291  414K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22,60022

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  • Can you connect to the original port number? If you can, it means the service is not even running on your desired port number. That comes down to a configuration error. If you want help with a configuration error, that means we need your configuration.
    – Ramhound
    Commented Sep 8, 2023 at 11:21
  • I assume you restarted the service
    – Ramhound
    Commented Sep 8, 2023 at 11:34
  • Did you also restart the firewall?
    – LPChip
    Commented Sep 8, 2023 at 11:46
  • Yes, I restarted the services and then tried to restart the whole system. I can connect to the original port 22 and it responds. I also tried to remove the ssh service from firewall-cmd (without the --permanent command, that's why there is now a duplicate ssh service and port 22 in the firewall), while adding port 22 to be secure. Maybe there might be something to do with that problem in nft list ruleset, but I'm not that sure. Thanks.
    – OddStan
    Commented Sep 8, 2023 at 12:27
  • Found the problem: the VPS hosting has its own firewall, which I did not update. Thanks to everyone.
    – OddStan
    Commented Sep 8, 2023 at 12:34
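
The host-side checks from the question, collected into one script, as an added example that is not part of the original post: it parses saved output of ss, semanage and firewall-cmd and names the first layer that does not cover the port. The function names are hypothetical and the sample input is copied from the question; when every host-side layer passes, as it does here, what remains is a filter in front of the host, which is what the asker found.

```shell
#!/bin/sh
# Added example (not from the original post). Each check reads saved command
# output on stdin, so it also works live, e.g.: ss -lnt | listening 60022

# True if `ss -lnt` output has a LISTEN socket on port $1.
listening() {
    awk -v p="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) ok = 1 }
                   END { exit !ok }'
}

# True if `semanage port -l` output lists port $1 under ssh_port_t (tcp).
selinux_labelled() {
    awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
                       for (i = 3; i <= NF; i++) { sub(",", "", $i); if ($i == p) ok = 1 } }
                   END { exit !ok }'
}

# True if `firewall-cmd --list-all` output has $1/tcp on its "ports:" line.
firewalld_open() {
    awk -v p="$1/tcp" '$1 == "ports:" { for (i = 2; i <= NF; i++) if ($i == p) ok = 1 }
                       END { exit !ok }'
}

# Name the first host-side layer that does not cover the port.
# $1 = port, $2 = ss text, $3 = semanage text, $4 = firewall-cmd text
diagnose() {
    printf '%s\n' "$2" | listening "$1"        || { echo "sshd not listening"; return; }
    printf '%s\n' "$3" | selinux_labelled "$1" || { echo "selinux label missing"; return; }
    printf '%s\n' "$4" | firewalld_open "$1"   || { echo "firewalld port closed"; return; }
    echo "host side ok: check filtering upstream of the host"
}

# Sample input: output lines copied from the question above.
SS_OUT='LISTEN 0      128          0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=933,fd=3))
LISTEN 0      128          0.0.0.0:60022      0.0.0.0:*    users:(("sshd",pid=933,fd=5))'
SEM_OUT='ssh_port_t                     tcp      60022, 22'
FW_OUT='  services: cockpit dhcpv6-client ssh
  ports: 60022/tcp 22/tcp'

diagnose 60022 "$SS_OUT" "$SEM_OUT" "$FW_OUT"
```

With SELinux in permissive mode, as in the question, a missing port label would only be logged rather than enforced, so that check matters once the system is back in enforcing mode.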
