
Sysadmin Can't SSH into server after changing SSH port with centmin menu option 16

Discussion in 'System Administration' started by brainlet2000, Aug 3, 2020.

  1. brainlet2000

    My memory on this is hazy as it's just a small project I am working on and I haven't worked on it for a month. But basically I ran menu option #16 to change my default connection port to 889. Then I tried to test it by SSHing into the server in a new tab with port specification "ssh user@IP -p 889" but I noticed it didn't work.

    Then I (stupidly) ran the menu option again to change the port to 22. Unfortunately since then I haven't been able to connect to the server to either port 22 or port 889 even after several reboots and power cycles.

    Error I get on port 22:
    ssh: connect to host (IP ADDRESS) port 22: Connection refused

    Error I get on port 889:
    ssh: connect to host (IP ADDRESS) port 889: Connection timed out


    Is there anything I can do to regain access?
     
  2. eva2000

    You can change the sshd listening port from the default 22 to a number below 1024 via centmin.sh menu option 16, which will change your sshd listening port by:
    • first prompting you to enter the existing sshd port = 22
    • and then prompting you for your desired new sshd port and making the appropriate changes in CSF Firewall
    • once the change is made, DO NOT exit your current SSH session but open a new SSH session to test the connection to this server, making sure to have changed your SSH session/profile's SSH port from 22 to the new port number you selected. See if the new separate SSH session can connect to the new sshd port. If it can, you should be good to go.
    For the 1st centmin.sh menu option 16 run, did you enter the existing sshd port 22 before entering the desired new port? So enter 22, then 889?

    If you didn't reboot the server or exit your existing SSH session, you would have been able to get in again by editing changes/fixes in the existing SSH session. But as you rebooted the server, you would have lost the option to fix the issue. The only way now is to hope your web host has out-of-band console/KVM access or serial console access, i.e. DigitalOcean, Vultr and Linode and most SolusVM control panels would have such an option, so ask your web host how you can regain SSH access.

    Unfortunately, if your web host doesn't have such access, there is usually no way to regain SSH access. But contact your web host and see if they can help.
     
  3. buik

    Please keep in mind that several providers provide a firewall where only the default ports are open (default ssh port etc). For example OpenStack and CloudStack based software provides a firewall by default, outside the VPS server.

    In short, check whether they provide their own firewall?

    Has the provider blocked certain ports by default?

    Is port 889 not used by default for other services by the provider or yourself and does this cause it to malfunction?

    After all, several providers provide a recovery console. Check the availability and see how you can manually change the port via the recovery console. Both ssh and csf need to be changed manually, as the centmin console is most likely not working in recovery environments.
     
  4. eva2000

    +1 yes, that is another factor to consider. Amazon and Google Cloud servers also have their own firewall in front of the virtual servers they provide.
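
Added example (not part of the thread and not Centmin Mod's own code): a check to run from a provider's recovery console that compares the port(s) in sshd_config with CSF's TCP_IN allow list, since both have to agree before SSH is reachable. It assumes the stock paths /etc/ssh/sshd_config and /etc/csf/csf.conf, ignores Include files and ListenAddress ports, and cannot see a provider firewall outside the server; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: does CSF's inbound allow list cover the port sshd listens on?

# Print the port(s) sshd is configured for; sshd falls back to 22 when no
# uncommented Port line exists (keywords are case-insensitive).
sshd_ports() {
    local ports
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Print CSF's TCP_IN entries one per line (the value is a quoted,
# comma-separated list such as "20,21,22,80,30000:35000").
csf_tcp_in() {
    sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$1" | tr ',' '\n'
}

# Return 0 if port $1 matches an entry read from stdin, either a single
# port or a start:end range.
port_allowed() {
    local want="$1" entry
    while read -r entry; do
        case $entry in
            *:*) [ "$want" -ge "${entry%%:*}" ] && [ "$want" -le "${entry##*:}" ] && return 0 ;;
            "$want") return 0 ;;
        esac
    done
    return 1
}

# Report every sshd port and whether CSF lets it in; returns non-zero if
# any configured sshd port is missing from TCP_IN.
check_ssh_csf() {
    local sshd_conf="${1:-/etc/ssh/sshd_config}" csf_conf="${2:-/etc/csf/csf.conf}"
    local rc=0 p
    for p in $(sshd_ports "$sshd_conf"); do
        if csf_tcp_in "$csf_conf" | port_allowed "$p"; then
            echo "OK: sshd port $p is in CSF TCP_IN"
        else
            echo "MISMATCH: sshd port $p is not in CSF TCP_IN"
            rc=1
        fi
    done
    return $rc
}
# Usage from the recovery console: check_ssh_csf   (or pass both file paths)
```

A MISMATCH line means one of the two files has to be edited by hand so they agree, after which sshd and CSF both need to be restarted.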