Opening up a nonstandard port for SSH

apetickler · #1 25th November 2008, 03:09 PM

Hello all.

Recently, I tried unsuccessfully to SSH to my machine from outside my local network. I found through some Googling that Comcast seems to be blocking port 22. For this reason, and for security, I'm trying to reconfigure my system for SSH over a different port.

So, I edited the "port=" lines in both ssh_config and sshd_config accordingly, and I used the GUI firewall configuration tool to allow TCP connections over my chosen port.

But when I try to open an SSH connection (at this point, I'm still testing over the local network), I get "Connection refused."

As might be expected, I also now get the same result trying to connect over port 22 (which now blocked by the firewall).

Additionally, when I type "netstat -ntlu," I don't see my new port listed.

As a test, I tried clicking on the big red "disable" button in the firewall configuration tool, but I still got the same results. I didn't reboot in between, though (I don't know whether or not that's necessary), and the next time I did reboot, the firewall was back up again.

Is there something I'm missing? What can I tell from my "netstat" results? Does this mean the sshd service isn't listening, or does it mean the port is still being blocked systemwide?

Thanks in advance, folks.

Jordanlw · #2 25th November 2008, 03:28 PM

Have you tried to open the port on your hardware firewall?
ssh_config is for your client side connections.
sshd_config is the configuration for the daemon.

apetickler · #3 26th November 2008, 12:45 AM

The only hardware firewall I've got is my router, and it only appears to filter traffic coming in from outside the network. There isn't even any real configuration for it.

scottro · #4 26th November 2008, 01:38 AM

The silly question--did you restart sshd after making the change.

Also, I don't believe it's a port= line. The only change you should have to make is in /etc/ssh/sshd_config. There's a line, Port 22 which is commented out with a #. (The commented lines often refer to the defaults and you only uncomment them if change them.

So, change that to whatever,

Port 1333
Change the firewall to allow it in.
service sshd restart
Then try.
I would also recommend disabling root login.

If you still can't login, see if the error's in what you did with the firewall

service iptables stop

That turns off the firewall for a minute

Try again.

If it works, then the error's in your firewall configuration.

As for connecting from outside, I know Linksys routers have port forwarding--usually under their applications and games menu or something similar.

apetickler · #5 26th November 2008, 04:22 PM

It's working this morning, after a second reboot. I suspected that something was off after the first reboot when I saw that one of my hard drives failed to mount. Didn't change anything, just rebooted again. Now everything's peachy. I'm in non-standard port SSH heaven!

Thanks, folks. This is really going to open up a whole new dimension of goofing off at work.