Question

18

SSH default port not changing (Ubuntu 22.10)

rated 0 times [ 18] [ 0] / answers: 1 / hits: 7674 / 1 Year ago, sat, december 10, 2022, 1:56:04

I am on Ubuntu 22.10

I have:

Edited /etc/ssh/sshd_config, left the default '#Port 22' line but added below it: 'Port 1234'

Then added allow rule for it in UFW using command 'sudo ufw allow 1234' which added:

To	Action	From
1234	ALLOW	Anywhere
1234 (v6)	ALLOW	Anywhere (v6)

I then restart the SSH service using 2 different methods (see start of block below) but I see no change, service status states it started listening on port 22 and to verify this I check listening ports and sure enough it's still 22.

sudo systemctl restart ssh



sudo service ssh restart



systemctl status ssh



ssh.service - OpenBSD Secure Shell server

 Loaded: loaded (/lib/systemd/system/ssh.service; disabled; preset: enabled)

Drop-In: /etc/systemd/system/ssh.service.d

         └─00-socket.conf

 Active: active (running) since Mon 2022-11-07 10:12:52 AEDT; 5s ago

TriggeredBy: ● ssh.socket

   Docs: man:sshd(8)

         man:sshd_config(5)

Process: 54858 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)

Main PID: 54859 (sshd)

  Tasks: 1 (limit: 1020)

 Memory: 1.3M

    CPU: 13ms

 CGroup: /system.slice/ssh.service

         └─54859 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"



Nov 07 10:12:52 webserver.abc.com systemd[1]: Starting OpenBSD Secure Shell server...

Nov 07 10:12:52 webserver.abc.com sshd[54859]: Server listening on :: port 22.

Nov 07 10:12:52 webserver.abc.com systemd[1]: Started OpenBSD Secure Shell server.



ss -tlpn



State         Recv-Q        Send-Q               Local Address:Port   Peer Address:Port Process

LISTEN        0             4096                             *:22                *:*    -

Am I missing a step or doing something wrong? I do note the service status has "preset: enabled" but multiple guides I've read haven't mentioned anything about disabling anything like presets.

EDIT:
Thanks matigo for reminding me but sshd.service doesn't seem to be installed yet I have the config files and can remote in just fine, not sure if I just don't understand and I need to install sshd for it to take over the default ssh operations?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

odyroc

Add To Favorites

Follow

Total Points: 324

Total Questions: 109

Total Answers: 103

Location: Belize

Member since Mon, Apr 17, 2023

1 Year ago

odyroc questions

1 22.04 Jammy PXE Booting Help

Mon, Dec 26, 22, 00:22, 1 Year ago

1 What options do I have to upgrade an unsupported i386 version of Ubuntu to an operating system with newer packages?

Sat, May 21, 22, 08:16, 2 Years ago

1 How to check which underlaying Debian version my Ubuntu release does use?

Tue, Dec 28, 21, 21:29, 2 Years ago

1 How to update .NET SDK to latest version?

Sun, Apr 2, 23, 03:42, 1 Year ago

1 Cmake can not find ZLIB on Ubuntu 20.04

Thu, Mar 2, 23, 13:02, 1 Year ago

View All

answered 1 Year ago ledeball · Accepted Answer

SSHd now uses socket-based activation Ubuntu 22.10 or later.
Read more about this change being discussed here.

TLDR: The /etc/ssh/sshd_config are unused, now that I read the comments in full I found:

# Port and ListenAddress options are not used when sshd is socket-activated,

# which is now the default in Ubuntu. See sshd_config(5) and

# /usr/share/doc/openssh-server/README.Debian.gz for details.

Your options for changing from default port:

Turning off this change and reverting to how SSHd worked prior to this update (From twinsen in discussion linked above):
- systemctl disable --now ssh.socket
- systemctl enable --now ssh.service
- Then the /etc/ssh/sshd_config works again with Ports and Addresses
  setting

OR Listening socket stream update (from saxl in discussion linked above)
1. mkdir -p /etc/systemd/system/ssh.socket.d
2. ```
cat >/etc/systemd/system/ssh.socket.d/listen.conf <<EOF

[Socket]

ListenStream=

ListenStream=1234

EOF
```
3. sudo systemctl daemon-reload
4. sudo systemctl restart ssh

It should then state it's started listening on the new port:
systemctl status ssh
...

Nov 07 14:42:37 webserver.abc.com sshd[58725]: Server listening on 0.0.0.0 port 1234.

Nov 07 14:42:37 webserver.abc.com sshd[58725]: Server listening on :: port 1234