CentOS 6.4 change SSH default port

thunn

Hello,
I'm currently running CentOS 6.4.
I have tried to change the SSH port, but without success.
Steps I did:

- Change port in /etc/ssh/sshd_config to 8668:
Code:
Port 8668
- Restart sshd service.
Tried to connect via putty => It does not work, can't connect to server via 8668 port.

- I checked in iptables and have this line already:
Code:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8668 -j ACCEPT

I have tried to restart iptables too, but SSH still can't connect.

Are there any other places that I need to check too?

PS: I do not use any firewall like APF, CSF...

Thank you.
 
Yes, it's listening:
Code:
$netstat -ntpl | grep ssh
tcp        0      0 0.0.0.0:8668                0.0.0.0:*                   LISTEN      17446/sshd
 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8668 -j ACCEPT
That's input. How is your output looking? Maybe that is the reason the connection won't work?

Try:
iptables -L OUTPUT
and see if it's on DROP or ACCEPT.
If it's on DROP there should also be a line for outgoing traffic from that port.

If you are on Directadmin, I would suggest to use CSF/LFD because a good firewall is normally better than some custom created lines.
 
Are you getting an error message from PuTTY? If so, what is the exact error message?

Can you connect using ssh from inside your box?
Code:
$ ssh localhost -p 8668
If not, then is the error the same?

If you can connect from inside the box but not from the outside, then the problem is likely a firewall somewhere between your outside box and your inside box.

Jeff
 
That's input. How is your output looking? Maybe that is the reason the connection won't work?

Try:
iptables -L OUTPUT
and see if it's on DROP or ACCEPT.
If it's on DROP there should also be a line for outgoing traffic from that port.

If you are on Directadmin, I would suggest to use CSF/LFD because a good firewall is normally better than some custom created lines.

Yes, thanks.
For the command I saw this:
Code:
$iptables -L OUTPUT
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh

@nobaloney, I checked and it's still able to connect:
Code:
$ssh localhost -p 8668
The authenticity of host '[localhost]:8668 ([127.0.0.1]:8668)' can't be established.
RSA key fingerprint is 2c:4a:69:xxxx.xxxx.xxx.xxx.xxx.xxxx
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:8668' (RSA) to the list of known hosts.
root@localhost's password: 
Last login: Sun Mar 24 17:19:27 2013 from [MyIP Address]
 
You could check it from another server/IP, or send us an IP so we could test the connection.
 
@nobaloney, it looks like after I tried to connect from localhost, I could then connect from my laptop :)
Thank you.

Thanks for all of your answers to help me.
 
You could check it from another server/IP, or send us an IP so we could test the connection.

Yes, it looks like this one allowed me to connect:
Code:
The authenticity of host '[localhost]:8668 ([127.0.0.1]:8668)' can't be established.
RSA key fingerprint is 2c:4a:69:xxxx.xxxx.xxx.xxx.xxx.xxxx
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:8668' (RSA) to the list of known hosts

Thanks.
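
The checks walked through in this thread (configured port, listening socket, INPUT rule), as an added shell example that is not part of any post. It goes one step beyond the thread by also checking rule order, since iptables applies the first matching rule; the function names, sample inputs and REJECT lines are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample inputs (not captured from a real host).
SSHD_CONFIG='#Port 22
Port 8668'
NETSTAT_OUT='tcp  0  0 0.0.0.0:8668  0.0.0.0:*  LISTEN  17446/sshd'
# Rules in iptables-save syntax; the REJECT lines are assumptions.
RULES_OK='-A INPUT -m state --state NEW -m tcp -p tcp --dport 8668 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
RULES_SHADOWED='-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8668 -j ACCEPT'

# First uncommented Port directive; sshd uses 22 when none is set.
configured_port() {  # $1 = sshd_config text
    printf '%s\n' "$1" | awk 'tolower($1) == "port" { print $2; found = 1; exit }
        END { if (!found) print 22 }'
}

# Succeeds when sshd holds a LISTEN socket on the port.
is_listening() {  # $1 = netstat -ntpl output, $2 = port
    printf '%s\n' "$1" | awk -v p="$2" '
        $6 == "LISTEN" && $7 ~ /\/sshd$/ && $4 ~ (":" p "$") { ok = 1 }
        END { exit !ok }'
}

# Target of the first INPUT rule that matches the port: either a rule with
# --dport <port> or a rule with no match options at all (catch-all).
input_verdict() {  # $1 = rules, $2 = port
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == "-A" && $2 == "INPUT" {
            dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport == p || $3 == "-j") { print target; found = 1; exit }
        }
        END { if (!found) print "POLICY" }'
}

check_port_change() {  # $1 = sshd_config, $2 = netstat output, $3 = rules
    port=$(configured_port "$1")
    is_listening "$2" "$port" || { echo "sshd is not listening on $port"; return 1; }
    verdict=$(input_verdict "$3" "$port")
    [ "$verdict" = ACCEPT ] || { echo "INPUT yields $verdict for $port"; return 2; }
    echo "port $port: listening and accepted"
}

check_port_change "$SSHD_CONFIG" "$NETSTAT_OUT" "$RULES_OK"
check_port_change "$SSHD_CONFIG" "$NETSTAT_OUT" "$RULES_SHADOWED" || true
```

On a live host the three arguments would come from `/etc/ssh/sshd_config`, `netstat -ntpl` and `iptables-save`; a `POLICY` verdict means no listed rule decided and the chain's default policy applies.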
 