SSH / SSHD will not change port

The Problem

Running up a new Ubuntu 24.04 LTS server, I changed the SSH port in /etc/ssh/sshd_config in the normal way:

Port 1234

I restarted ssh

sudo systemctl restart ssh

but the port had not changed.

A recheck, restart, reboot and much frustration later, I discovered that Ubuntu 22.10 onward now uses ‘socket-based’ activation, not service-based as previously.

The file /etc/ssh/sshd_config and other similar files are now unused for port or listen address settings.

BUT… before you ditch the sshd_config file – it is still used for settings such as:

  • removing password authentication
  • using authorized_keys
  • removing root from being able to log in.
  • adding users

The impact of this is that Port and ListenAddress options are not used when sshd is socket-activated. I haven’t figured out what other changes are now in play.

How do you change the default port for ssh / sshd?

Your options for changing from default port:

  1. Turning off this change and reverting to how SSHd worked prior to this update
    • sudo systemctl disable --now ssh.socket
    • sudo systemctl enable --now ssh.service
    • Then the /etc/ssh/sshd_config works again with Ports and Addresses setting
  2. Setup to use socket streams
    • sudo mkdir -p /etc/systemd/system/ssh.socket.d
    • sudo nano /etc/systemd/system/ssh.socket.d/listen.conf
    • Add the following settings and save the file
    • [Socket]
      ListenStream=
      ListenStream=1234
    • Obviously change 1234 to the port number you want
    • sudo systemctl daemon-reload
      sudo systemctl restart ssh.socket

After this you can check what port ssh is listening on:

  • sudo systemctl status ssh

Important Notes:

If you change to using the socket stream, make sure you add both the ListenStream lines in. If you don’t, you may find yourself still listening on the old port as well as the new one. This has been some folks’ experience. I assume the first blank ListenStream wipes old settings and then adds the new port in.
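The two-line drop-in above, replayed as an added example (not code from the original post): systemd treats an empty ListenStream= assignment as clearing every earlier entry, and the function below applies that rule to a unit file followed by its drop-ins. The sample files, including the packaged unit's ListenStream=22, are constructed stand-ins, and effective_listen_streams is a hypothetical helper name.

```shell
#!/bin/sh
# effective_listen_streams [FILE...]
# Prints the ListenStream values that remain in effect after reading the
# given files in order (packaged unit first, drop-ins after), or stdin.
effective_listen_streams() {
    awk '
        FNR == 1 { in_socket = 0 }              # each file starts outside any section
        /^[ \t]*\[/ {                           # section header: track [Socket] only
            in_socket = ($0 ~ /^[ \t]*\[Socket\][ \t]*$/)
            next
        }
        in_socket && /^[ \t]*ListenStream[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)       # drop "ListenStream=" and leading blanks
            sub(/[ \t]+$/, "", val)             # drop trailing blanks
            if (val == "") n = 0                # empty assignment resets the list
            else list[++n] = val                # anything else is appended
        }
        END { for (i = 1; i <= n; i++) printf "%s%s", list[i], (i < n ? " " : "\n") }
    ' "$@"
}

# Constructed sample files (not copies of Ubuntu's packaged unit).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

printf '[Unit]\nDescription=constructed sample\n\n[Socket]\nListenStream=22\nAccept=no\n' \
    > "$demo_dir/ssh.socket"
# Drop-in missing the blank line: the new port is added to the old one.
printf '[Socket]\nListenStream=1234\n' > "$demo_dir/append.conf"
# Drop-in from this page: blank line first, then the new port.
printf '[Socket]\nListenStream=\nListenStream=1234\n' > "$demo_dir/listen.conf"

echo "without reset: $(effective_listen_streams "$demo_dir/ssh.socket" "$demo_dir/append.conf")"
echo "with reset:    $(effective_listen_streams "$demo_dir/ssh.socket" "$demo_dir/listen.conf")"
```

On a live host the same function can read the output of `systemctl cat ssh.socket`, which prints the unit followed by its drop-ins in the order systemd applies them.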

A Note To Package Managers

This is the second change to SSH. See here – cannot disable Password Authentication

None of these changes have been visible to J.Average.Users like myself as we don’t lurk on Ubuntu forums and quite frankly reading change notes is tedious.

Both these changes are major changes to the security model / setup used by Ubuntu.

PUT NOTES INTO THE SSH_CONFIG file next to Ports, ListenAddress and the Password authentication settings (plus any other settings you have mucked with) warning users you have majorly altered basic functionality. I personally lost several hours thinking it must be ISPConfig updates or some other security software messing with the systems. It never occurred to me to not trust package managers to refrain from altering settings which are almost as old as Linux. Random fiddling is what I expect from Microsoft, not Ubuntu – although I’m obviously now going to have to change this bias to include distrust of Ubuntu package managers. A sad day indeed.