Changing ssh port

Hi friends.

Hope everyone is doing well.

I got this annoying issue with sshd on Alma 9.

It’s pretty simple: I try to change sshd’s default port.

Here is how I proceeded:


The ssh conf (I also tried to keep the 22 + 30022):

/etc/ssh/sshd_config

#Port 22
Port 30022

Add the SELinux rule:

semanage port -a -t ssh_port_t -p tcp 30022
semanage port -l | grep ssh

The output seems to say the two ports are set up:

ssh_port_t                     tcp      30022, 22

I edit my firewall accordingly:

firewall-cmd --permanent --zone=public --add-port=30022/tcp
firewall-cmd --runtime-to-permanent
firewall-cmd --reload

Here is the public zone, which is the default active one.

firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources: 
  services: dhcpv6-client ssh
  ports: 30022/tcp
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Then everything must be set up; I restart my sshd unit:

systemctl restart sshd

I listen to the ports/sockets:

ss -lapunte | grep 22
tcp   LISTEN 0      128                               0.0.0.0:30022        0.0.0.0:*     users:(("sshd",pid=33709,fd=3)) ino:103679 sk:c cgroup:/system.slice/sshd.service <->
tcp   ESTAB  0      52                          BOXIP:22    LAPTOPSESSION:58716 users:(("sshd",pid=4950,fd=4),("sshd",pid=4931,fd=4)) timer:(on,264ms,0) ino:35414 sk:6 cgroup:unreachable:a00 <->

Everything should be fine, right?

When from a client I try:

nc -zv BOXIP 30022

I can’t get through. But the firewall is not the cause. I enabled the LogDenied=all option and grepped for my laptop’s IP in the logs.

My guess is a problem with SELinux, and I suck at this.

I may need to look through ausearch or aureport -au or aureport -au --failed --summary, but I’m puzzled.

I’m pretty sure I’m just missing something obvious here and some wizard can help me with this.

Thanks.
Have a nice day.


Never mind.

I’m dumb, I didn’t see my VPS provider already had a firewall policy.

Pure dumb network issue. Nothing related to Alma 9.

It's not dumb, it's just a lack of comms from your provider. It's a very useful howto post though, especially the semanage bits people tend to forget about (they just do the firewall-cmd stuff).
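
The checks from this thread combined into one script, added here as an example (not code from any poster): it parses the output of the commands quoted in the first post and names the first local layer that does not permit the port. The function names are assumptions of this example, and the sample strings are constructed by trimming the outputs quoted above.

```shell
#!/usr/bin/env bash
# Added example: layer-by-layer check for a moved sshd port.
# Every function parses command output passed in as text, so the same code
# works on live output and on the constructed samples at the bottom.

# Active "Port N" values from sshd_config text (commented lines are skipped).
sshd_ports() { printf '%s\n' "$1" | awk 'tolower($1)=="port" {print $2}'; }

# True if `semanage port -l` text labels tcp/$1 as ssh_port_t (ranges allowed).
selinux_allows() {
  printf '%s\n' "$2" | awk -v p="$1" '
    $1=="ssh_port_t" && $2=="tcp" {
      for (i=3; i<=NF; i++) {
        gsub(",", "", $i); n=split($i, r, "-")
        if (p>=r[1]+0 && p<=r[n]+0) ok=1
      }
    }
    END { exit !ok }'
}

# True if the "ports:" line of `firewall-cmd --list-all` contains $1/tcp.
firewalld_allows() {
  printf '%s\n' "$2" | awk -v want="$1/tcp" '
    $1=="ports:" { for (i=2; i<=NF; i++) if ($i==want) ok=1 }
    END { exit !ok }'
}

# True if `ss -lapunte` text shows a TCP LISTEN socket on port $1.
is_listening() {
  printf '%s\n' "$2" | awk -v p="$1" '
    $1=="tcp" && $2=="LISTEN" { n=split($5, a, ":"); if (a[n]==p) ok=1 }
    END { exit !ok }'
}

# $1=port $2=sshd_config $3=semanage $4=firewall-cmd $5=ss; prints first gap.
diagnose() {
  sshd_ports "$2" | grep -qx "$1" || { echo "sshd_config"; return; }
  selinux_allows "$1" "$3"        || { echo "selinux"; return; }
  firewalld_allows "$1" "$4"      || { echo "firewalld"; return; }
  is_listening "$1" "$5"          || { echo "not-listening"; return; }
  echo "local-ok"   # remote connect still failing: look upstream of the host
}

# Constructed samples, trimmed from the outputs quoted in the first post.
CONF=$'#Port 22\nPort 30022'
SEMANAGE='ssh_port_t                     tcp      30022, 22'
FIREWALL=$'public (active)\n  services: dhcpv6-client ssh\n  ports: 30022/tcp\n  source-ports: '
SS='tcp   LISTEN 0      128      0.0.0.0:30022     0.0.0.0:*     users:(("sshd",pid=33709,fd=3))'
diagnose 30022 "$CONF" "$SEMANAGE" "$FIREWALL" "$SS"
# Live (as root): diagnose 30022 "$(cat /etc/ssh/sshd_config)" "$(semanage port -l)" "$(firewall-cmd --list-all)" "$(ss -lapunte)"
```

A result of `local-ok` combined with a failing `nc -zv` from the client is the situation the thread ended on: the host permits the port and the drop happens at a firewall outside it.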