Hi friends.
Hope everyone is doing well.
I’ve got this annoying issue with sshd on Alma 9.
It’s pretty simple: I’m trying to change sshd’s default port.
Here is how I proceeded:
The ssh conf (I also tried to keep 22 + 30022):
/etc/ssh/sshd_config
#Port 22
Port 30022
Add the SELinux rule:
semanage port -d -t ssh_port_t -p tcp 30022
semanage port -l | grep ssh
The output seems to tell the two ports are set up:
ssh_port_t tcp 30022, 22
I edit my firewall accordingly:
firewall-cmd --permanent --zone=public --add-port=30022/tcp
firewall-cmd --runtime-to-permanent
firewall-cmd --reload
Here is the public zone, which is the default active one:
firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: dhcpv6-client ssh
  ports: 30022/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Then everything must be set up; I restart my sshd unit:
systemctl restart sshd
I listen to the ports/sockets:
ss -lapunte | grep 22
tcp LISTEN 0 128 0.0.0.0:30022 0.0.0.0:* users:(("sshd",pid=33709,fd=3)) ino:103679 sk:c cgroup:/system.slice/sshd.service <->
tcp ESTAB 0 52 BOXIP:22 LAPTOPSESSION:58716 users:(("sshd",pid=4950,fd=4),("sshd",pid=4931,fd=4)) timer:(on,264ms,0) ino:35414 sk:6 cgroup:unreachable:a00 <->
Everything should be fine, right?
When from a client I try
nc -zv BOXIP 30022
I can’t pass. But the firewall is not the cause. I enabled the LogDenied=all
option and grepped for my laptop’s IP in the logs.
My guess is a problem with SELinux, and I suck at this.
I may need to look through ausearch
or aureport -au
or aureport -au --failed --summary
but I’m puzzled.
I’m pretty sure I just missed something obvious here and some wizard can help me with this.
Thanks
Have a nice day
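
Added example, not part of the original post: a POSIX shell cross-check that one port appears in all three layers the post configures (an active Port line in sshd_config, the SELinux ssh_port_t label, and the firewalld zone's ports list). The function names are hypothetical and the sample inputs are constructed from the output quoted in the post.

```shell
#!/bin/sh
# Each parser reads command/config text on stdin and prints one port per line.

# Active (uncommented) Port lines; also accepts the lowercase output of `sshd -T`.
sshd_ports() {
  awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }'
}

# TCP ports labelled ssh_port_t in `semanage port -l` output.
selinux_ssh_ports() {
  awk '$1 == "ssh_port_t" && $2 == "tcp" {
         for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); print $i } }'
}

# TCP ports in the "ports:" line of `firewall-cmd --list-all` output
# (ports opened through a service such as "ssh" are not listed there).
firewalld_tcp_ports() {
  awk '$1 == "ports:" {
         for (i = 2; i <= NF; i++)
           if ($i ~ /\/tcp$/) { sub(/\/tcp$/, "", $i); print $i } }'
}

# check_port PORT SSHD_TEXT SEMANAGE_TEXT FIREWALLD_TEXT
# Prints one line per layer that lacks PORT; returns 0 only if none is missing.
check_port() {
  cp_rc=0
  printf '%s\n' "$2" | sshd_ports | grep -qxF "$1" \
    || { echo "sshd_config: no active Port $1"; cp_rc=1; }
  printf '%s\n' "$3" | selinux_ssh_ports | grep -qxF "$1" \
    || { echo "SELinux: $1/tcp not labelled ssh_port_t"; cp_rc=1; }
  printf '%s\n' "$4" | firewalld_tcp_ports | grep -qxF "$1" \
    || { echo "firewalld: $1/tcp not in the zone ports list"; cp_rc=1; }
  return "$cp_rc"
}

# Constructed sample inputs, taken from the output quoted in the post.
SAMPLE_SSHD='#Port 22
Port 30022'
SAMPLE_SEMANAGE='ssh_port_t                     tcp      30022, 22'
SAMPLE_FIREWALLD='public (active)
  services: dhcpv6-client ssh
  ports: 30022/tcp
  forward-ports:'

check_port 30022 "$SAMPLE_SSHD" "$SAMPLE_SEMANAGE" "$SAMPLE_FIREWALLD" \
  && echo "30022: present in sshd_config, SELinux and firewalld"
```

On a live host the three text arguments would come from `sshd -T`, `semanage port -l` and `firewall-cmd --list-all`, all run as root.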