3

I updated my SSH port from 22 to 6433 and now I can't SSH into my machine. I updated this line in /etc/ssh/sshd_config:

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 22

to

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 6433

I restarted my ssh service using

$ service sshd restart

No errors were returned. Open up a new Terminal tab and run:

$ ssh [email protected] -p6433

which returns:

ssh: connect to host ip.address port 6433: No route to host

Not sure how to go about fixing?

update -

SELinux is not enabled

6
  • You may have SELinux turned on, and as the comment right above the Port line in the text you copied says, you may need to update SELinux with semanage.
    – Mehmet
    Commented Aug 8, 2018 at 15:27
  • 1
    If the SSH server wasn't listening on that port, you would have gotten Connection refused. Now you're getting No route to host which means that the client can't even see the host on the network.
    – Kusalananda
    Commented Aug 8, 2018 at 15:27
  • @Mehmet selinux doth be disabled I'm afraid :/
    – treyBake
    Commented Aug 8, 2018 at 15:28
  • @Kusalananda which is weird, because my connect session is fine in the sense of ifconfig shows expected values
    – treyBake
    Commented Aug 8, 2018 at 15:29
  • 6
    Check if iptables/firewall-cmd is configured to allow your new port. If that is not the cause, check if you are accessing the IP address through another network device. In that case the new port must be opened there as well.
    – Vinod
    Commented Aug 8, 2018 at 15:31

2 Answers

6

Thanks to @Vinod I got on the right track, achieved by doing:

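# --permanent is an option, not a zone name; it saves the rule for the default zone
$ firewall-cmd --permanent --add-port=6433/tcp
# Load the saved configuration into the running firewall
$ firewall-cmd --reload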

Now I can SSH into my server.

3

Thanks to @treyBake (and by ricochet to @Vinod), I succeeded on a CentOS 7 (running on a Virtual Private Server hosted on OVH) by doing:

firewall-cmd --zone=public --add-port=1984/tcp
firewall-cmd --permanent --add-port=1984/tcp
firewall-cmd --reload

I'm not sure if the first line is necessary; it worked fine after I entered these three commands, that's all I know.
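A pre-flight check for the failure in this thread, as an added example that is not part of either answer: it reads the Port directives from an sshd_config text and classifies each port against the runtime and the permanent firewalld port lists, which is the difference between running `--add-port` with and without `--permanent`. The function names and the sample input are constructed. It only looks at `--list-ports` entries for the default zone, so a port allowed through a firewalld service (such as the predefined ssh service) shows as not-listed.

```shell
#!/bin/sh
# Added example; function names and sample input are constructed.

# Print each port an sshd_config text (stdin) sets. Commented lines are
# skipped; sshd falls back to 22 when no Port directive is present.
# ListenAddress host:port and Include files are not handled here.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }'
}

# Succeed if $1/tcp is covered by a "firewall-cmd --list-ports" style list $2,
# e.g. "6433/tcp 6000-6500/tcp 53/udp".
in_port_list() {
    for entry in $2; do
        [ "${entry#*/}" = tcp ] || continue
        range=${entry%/*}
        lo=${range%-*}; hi=${range#*-}
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0
    done
    return 1
}

# Classify port $1 given the runtime list $2 and the permanent list $3.
port_state() {
    if in_port_list "$1" "$2"; then
        if in_port_list "$1" "$3"; then echo open-and-persistent
        else echo runtime-only; fi        # gone after --reload or reboot
    elif in_port_list "$1" "$3"; then echo permanent-only  # needs --reload
    else echo not-listed; fi
}

# Print "<port> <state>" for every Port in config text $1.
preflight() {
    printf '%s\n' "$1" | sshd_ports | while read -r p; do
        echo "$p $(port_state "$p" "$2" "$3")"
    done
}

# Constructed sample: the edited config from the question, empty port lists.
SAMPLE_CONF='# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 6433'
preflight "$SAMPLE_CONF" "" ""    # prints: 6433 not-listed

# On a live host, as root, pass the real state instead:
# preflight "$(cat /etc/ssh/sshd_config)" "$(firewall-cmd --list-ports)" \
#           "$(firewall-cmd --permanent --list-ports)"
```

Running it before restarting sshd, from a session that is already open, shows whether the new port would be reachable and whether the rule would survive a reload.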
