SSH port change issue

[FortressMB]

Hello,

First, I'm running:
Ubuntu 24.04
Directadmin
CSF/LSF

Have not gotten any further to install anything else.

I am trying to change the SSH port to an uncommon port. Lets call the port 1234.

I have changed the port in /etc/ssh/sshd_config to "port 1234"
I added the same port number to the TCP in/TCP out in Firewall configuration.
I saved and restarted all

Port 1234 is listed as the port for ssh when you do the "server check-->Check SSH on non-standard port"
Does NOT show in the "View Listening Ports" and when I try to putty in i get connection refused. SSH is running because I can putty in on 22 still. Have not blocked it yet.

Any ideas what I am missing or might be causing this? New to DA.

Thanks,

Mike

 

[Ohm J]

restart sshd service ?

 

[FortressMB]

Yea, sorry missed saying that. I did restart everything several times. SSH as well.

 

[Ohm J]

If I remember, "port" config is just add other port to working together with default port, you should remove port 22 on the firewall.

 

[sysdev]

Maybe this can help?

https://askubuntu.com/questions/1439461/ssh-default-port-not-changing-ubuntu-22-10-and-later

 

[FortressMB]

If I remember, "port" config is just add other port to working together with default port, you should remove port 22 on the firewall.

Yes, well, I will remove port 22 AFTER I make sure I can get into the server through the new SSH port. Wouldn't be good to lock myself out.

 

[FortressMB]

Maybe this can help?

https://askubuntu.com/questions/1439461/ssh-default-port-not-changing-ubuntu-22-10-and-later

Thank you @sysdev . That led me to a different restart command

sudo systemctl restart ssh

Which apparently worked. I am pretty sure that is the code I used before but today, it is working.

All that matters I guess.

Thanks for the help guys. Appreciate it!

 

[Richard G]

you should remove port 22 on the firewall.

No that is incorrect, it's not working together. If the port is changed via port setting, you don't need to remove 22 either in CSF. I also got both 22 and custom port open to trick attackers into the firewall. Port is not an addition to 22 but replacement. A connection to 22 wil just be refused by SSHD.

@FortressMB It seems for higher version of Ubuntu, you have to look at the link from @sysdev to fix your issue. Seems Ubuntu needed to change easy things again to difficult. I hope RHEL won't follow with this nonsense.

 

[Ohm J]

@Richard G
Yes, I might wrong because I use all these "Ubuntu, Debian, Rhel ( all fork ) " from time to time, so the information could go wrong due diferrence OS.

But this thread already mention "Ubuntu 24", so I just guest the problem ( Same my issued in the past during installed new server ).

 

[FortressMB]

@Richard G Yes, I was able to fix it thanks to the link @sysdev supplied. Apparently 22 and up restarting ssh is done throught the ssh.socket so different command. Working now. I think the main issue was I was in a hurry to setup DA and I should have finished setting up the security first. Then it would have grandfathered in.

I have forgotten too much from my support tech days lol

Thanks again for the help!

 

[DrWizzle]

If you've set the correct port in CSF + LFD, and also in your /etc/ssh/sshd_config file, restart SSH

systemctl restart ssh
systemctl status sshd

that should say "Listening on port .....". If it's still 22 there, or returns an error "Service sshd.service not found" (or words to that effect) then run

root@server ~ # systemctl enable ssh
root@server ~ # systemctl restart ssh
root@server ~ # systemctl restart sshd
root@server ~ # systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/usr/lib/systemd/system/ssh.service; enabled; preset: enabled)
     Active: active (running) since Thu 2025-07-03 08:05:34 UTC; 1s ago
TriggeredBy: ● ssh.socket
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 30745 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 30748 (sshd)
      Tasks: 1 (limit: 4540)
     Memory: 1.2M (peak: 1.5M)
        CPU: 32ms
     CGroup: /system.slice/ssh.service
             └─30748 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Jul 03 08:05:34 server systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 03 08:05:34 server sshd[30748]: Server listening on :: port 1234.
Jul 03 08:05:34 server systemd[1]: Started ssh.service - OpenBSD Secure Shell server.

and that should do the trick. Works every time on my ubuntu installs when I change the port 22.

1 last thing, look in the /etc/ssh/sshd_config.d directory and see if there's any config files in there that are overriding the port change

 

[Richard G]

Works every time on my ubuntu installs when I change the port 22.

Even on Ubuntu higher than version 22? Because as of 24 that seems changed according to the link above.

 

[DrWizzle]

Even on Ubuntu higher than version 22? Because as of 24 that seems changed according to the link above.

I run 24.04 on my servers. the enable ssh command after i've edited the sshd_config file creates a symlink I believe and also starts sshd. if sshd doesnt start the systemctl restart ssh && systemctl restart sshd does it every time. I'll always change the port from 22 soon as I can.