I changed my default SSH port on my home server (in the /etc/ssh/sshd_config
file) to port 54747, then restarted the ssh
and sshd
services (never sure which one so I did both just to be safe). To test my configuration, I logged out and then back in without any problem.
A couple days later, I installed apt updates, and then rebooted my server. When I tried to SSH back in (on port 54747), I got a connection refused error.
For some reason, I tried to SSH on default port, and it worked ! I went back to check on the sshd_config, but it still had the custom port. So I restarted the ssh
and sshd
services, and it got back to "regular" behaviour (ssh on port 54747). I tried rebooting again, and connection refused again…
Anyone knows what I did wrong ?
Extra details :
- Ubuntu 16.04.2 LTS
- Server is also used a HTPC, with an open session (same user as SSH) on my TV
- I SSH using my laptop's RSA key, and have disabled password auth
- I used to reboot with
sudo reboot -h now
, but after searching, I discovered it was discouraged by some people, so I triedsudo reboot
, but no differences
EDIT
Sequence of events :
- Change SSH port from 22 to 54747 in
/etc/ssh/sshd_config
- Restart ssh and sshd services
- End current SSH session
- SSH back in successfully on port 54747
- Reboot
- SSH connection error on port 54747, but successful on port 22
- Restart ssh and sshd services
- SSH back in successfully on port 54747, connection error on port 22
- Reboot and go back to 6
EDIT 1 : netstat
output
rgo@ATLAS:~$ sudo netstat -lntp | grep :54747
rgo@ATLAS:~$ sudo netstat -lntp | grep :22
tcp6 0 0 :::22 :::* LISTEN 1/init
EDIT 2 : service sshd status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: inactive (dead)
EDIT 3 : lsof -i | grep ssh
systemd 1 root 46u IPv6 42724 0t0 TCP ATLAS:ssh->192.168.1.27:49837 (ESTABLISHED)
systemd 1 root 49u IPv6 14641 0t0 TCP *:ssh (LISTEN)
sshd 4088 root 3u IPv6 42724 0t0 TCP ATLAS:ssh->192.168.1.27:49837 (ESTABLISHED)
sshd 4088 root 4u IPv6 42724 0t0 TCP ATLAS:ssh->192.168.1.27:49837 (ESTABLISHED)
sshd 4202 rgo 3u IPv6 42724 0t0 TCP ATLAS:ssh->192.168.1.27:49837 (ESTABLISHED)
sshd 4202 rgo 4u IPv6 42724 0t0 TCP ATLAS:ssh->192.168.1.27:49837 (ESTABLISHED)
For reference, ATLAS is the remote server hostname, 192.168.1.27 is my laptop's LAN IP, and command was executed between steps 6 and 7
ufw status
Status: inactive
EDIT 4 : ps -ef |grep sshd
root 4088 1 0 22:40 ? 00:00:00 sshd: rgo [priv]
rgo 4202 4088 0 22:40 ? 00:00:00 sshd: rgo@pts/1 sshd
Best Answer
ssh may be "socket activated" by systemd depending on configuration, which means that initially it is systemd that sets up the listening port, and sshd is only started when a client first connects. This is to speed up startup time: service daemons are only started on demand.
However this means that you must also configure systemd to the matching port. You'll find the system configuration in
/lib/systemd/system/ssh.socket
which listsListenStream=22
. To override this, create a file/etc/systemd/system/ssh.socket.d/port.conf
(creating the directoryssh.socket.d
if needed) that contains:Change the number to the port desired. The first blank entry erases the previous default, and the subsequent entry adds the new one. This overrides the default shipped in
/lib/systemd/system/ssh.socket
and must be done in addition to changing/etc/ssh/sshd_config
.Then run
sudo systemctl daemon-reload
to tell systemd about your changes, andsudo systemctl reload ssh
if your ssh daemon was previously running.